Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk package CLI is not bundling my saved searches or event types. Why?

mumblingsages
Path Finder
‎08-19-2017 10:21 PM

So I have a nice little application created in my development splunk instance. I'd like to package it with the splunk package CLI and move the application to my integration/qa splunk instance so the QA team can test it. Problem I'm running into is that when I run splunk package command from the command line, it's not including all the saved searches (reports) or my custom event types into the resultant package. I followed the instructions for packaging and publishing located here. But it just doesn't seem to pick those up.

I have verified that both the saved searches and event types belong to the application. So I'm completely befuddled as to what is wrong. I really don't like the idea of manually recreating all of those!

[EDIT]
Looks like my link didn't work: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEMY

0 Karma
Reply

ptang_splunk
Splunk Employee
Splunk Employee
‎08-22-2017 06:28 AM

Hi @mumblingsages,

Could you check if your reports, eventtypes or any other knowledge objects are under your app folder: $SPLUNK_HOME/etc/apps/your_app_name/default or /local?

My first thought would be to verify if your knowledge objects are not Private and they need to be shared to apps. In such case, it won't be part of the package as private objects are under $SPLUNK_HOME/etc/users/...

However, please let me know if that is the case.

Thanks,

Philippe

0 Karma
Reply
Get Updates on the Splunk Community!

AI for AppInspect

We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...