Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Upgrading app lost kvstore objects (TenableAppForS

donelliot
Path Finder
‎10-10-2021 08:26 AM

I thought I was following OK practice as these were customisations to collections.conf and transforms.conf and savedsearches.conf in the local directory

But it appears the app owner just got rid of them when I upgraded to 5.0.0 to 5.1.0

Working to recover the situation and have pinged the developer. The data should be recreated

Was it my fault by adding stanzas to a commercial app ? or should I have been protected if I stuck to local copies ?

 

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

donelliot
Path Finder
‎10-11-2021 06:37 AM

As before I just clicked on upgrade in the management of apps screen and it seems to have emptied the local directory ! restoring from a backup

0 Karma
Reply

donelliot
Path Finder
‎10-10-2021 11:26 AM

I got  an all-in one setup, and just download the app without pre-testing - my bad

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-10-2021 11:43 AM

Ok. But how did you update them? Using the "apps" screen in splunk webui? By downloading them manually and installing them from cli?

0 Karma
Reply

donelliot
Path Finder
‎10-10-2021 01:32 PM

I'm fairly sure by clicking on the update hint  from the manaagement screen /en-US/manager/launcher/apps/local

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-11-2021 10:21 PM

If you had your definitions in app/local directory, it should have been retained across upgrades. The app should overwrite the app/default directory (and therefore you should never directly edit files there) but your local files shouldn't be touched.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-10-2021 11:07 AM

What is your environment? Do you use all-in-one setup or do you have search-head cluster? How do you deploy apps? How did you upgrade the app?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination

The Power of Two: Splunk + Cisco at "Ludicrous Scale"   You know Splunk. You know Cisco. But have you seen ...

Data Management Digest – January 2026

Welcome to the January 2026 edition of Data Management Digest! Welcome to the January 2026 edition of Data ...

Splunk SOAR Now Available on Google Cloud Platform

We’re excited to announce that Splunk SOAR is now natively available as a SaaS solution on Google Cloud ...