Re: Migrate KO (Reports/Alerts/Dashboards) from Sp...

arpantfs · ‎07-06-2022

We're migrating the Splunk from On-Premise environment to Cloud, and are done with setting up forwarders to send the data to Splunk Cloud. However, we have a large number of alerts, reports and dashboards created on Splunk On-Premise.

Is there a way to transfer these (alerts, reports, and dashboards) from Splunk On-Premise to Splunk Cloud?

Thanks.

gjanders · ‎07-07-2022

The transferknowledgeobjects script I wrote may help https://github.com/gjanders/Splunk/ or https://github.com/gjanders/Splunk/blob/master/bin/transfersplunkknowledgeobjects.py for a direct link

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

Roy_9 · ‎07-06-2022

@arpantfs there isn't an article for this i guess, you need to manually build it and you could use splunk add-on builder for this.

Roy_9 · ‎07-06-2022

@arpantfs Hello,

you could package these ko's in to an custom app and upload it into Splunk cloud.

Note:this app should pass the splunk app inspect when you are uploading it to cloud.

thanks

arpantfs · ‎07-06-2022

Thank you @Roy_9 for the response ! would you know of any article or steps that can help in the creation of a custom app containing alerts, reports and dashboards !

All your responses are greatly appreciated - thank you !

Migrate KO (Reports/Alerts/Dashboards) from Splunk On-Prem to Splunk Cloud

other

Splunk Custom Visualizations App End of Life

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk