Hello ,
I am trying to figure out how to enable users to maintain their saved searches , reports and alerts in version control.
Application teams login to Splunk UI and create their own reports , alerts etc.
Those get to be written to savedsearches.conf files , private or shared.
So application owners want their portion of the configuration be available to them to maintain in , say a Git repo.
We are using clustered searchhead deployment and also have a separate shc deployer system.
Thought about setting up a cron job to git clone /opt/splunk/etc/users/<user-id>/search/local/savedsearches.conf.
I am not sure how it may work, seemed clunky.
Is there any other way for teams (standard users) to download , track and update their report, alert configuration without use of GUI ?
Thanks.
