Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Upgrading app lost kvstore objects (TenableAppForS

donelliot
Path Finder
‎10-10-2021 08:26 AM

I thought I was following OK practice as these were customisations to collections.conf and transforms.conf and savedsearches.conf in the local directory

But it appears the app owner just got rid of them when I upgraded to 5.0.0 to 5.1.0

Working to recover the situation and have pinged the developer. The data should be recreated

Was it my fault by adding stanzas to a commercial app ? or should I have been protected if I stuck to local copies ?

 

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

donelliot
Path Finder
‎10-11-2021 06:37 AM

As before I just clicked on upgrade in the management of apps screen and it seems to have emptied the local directory ! restoring from a backup

0 Karma
Reply

donelliot
Path Finder
‎10-10-2021 11:26 AM

I got  an all-in one setup, and just download the app without pre-testing - my bad

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-10-2021 11:43 AM

Ok. But how did you update them? Using the "apps" screen in splunk webui? By downloading them manually and installing them from cli?

0 Karma
Reply

donelliot
Path Finder
‎10-10-2021 01:32 PM

I'm fairly sure by clicking on the update hint  from the manaagement screen /en-US/manager/launcher/apps/local

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-11-2021 10:21 PM

If you had your definitions in app/local directory, it should have been retained across upgrades. The app should overwrite the app/default directory (and therefore you should never directly edit files there) but your local files shouldn't be touched.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-10-2021 11:07 AM

What is your environment? Do you use all-in-one setup or do you have search-head cluster? How do you deploy apps? How did you upgrade the app?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...