Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk package CLI is not bundling my saved searches or event types. Why?

mumblingsages
Path Finder
‎08-19-2017 10:21 PM

So I have a nice little application created in my development splunk instance. I'd like to package it with the splunk package CLI and move the application to my integration/qa splunk instance so the QA team can test it. Problem I'm running into is that when I run splunk package command from the command line, it's not including all the saved searches (reports) or my custom event types into the resultant package. I followed the instructions for packaging and publishing located here. But it just doesn't seem to pick those up.

I have verified that both the saved searches and event types belong to the application. So I'm completely befuddled as to what is wrong. I really don't like the idea of manually recreating all of those!

[EDIT]
Looks like my link didn't work: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEMY

0 Karma
Reply

ptang_splunk
Splunk Employee
Splunk Employee
‎08-22-2017 06:28 AM

Hi @mumblingsages,

Could you check if your reports, eventtypes or any other knowledge objects are under your app folder: $SPLUNK_HOME/etc/apps/your_app_name/default or /local?

My first thought would be to verify if your knowledge objects are not Private and they need to be shared to apps. In such case, it won't be part of the package as private objects are under $SPLUNK_HOME/etc/users/...

However, please let me know if that is the case.

Thanks,

Philippe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...