I'm trying to import entities using a search. The docs say that I can use a saved search from a predefined list. I want to save my own. I've created a saved search that suits. It doesn't appear in the drop-down. I've made it global, and even added it to the SA-ITOA app (where the predefined ones live). I've tried cloning a predefined one and amending it. I can never get to use my search in the Entity import.
I'm working in a SHC environment, so I can't save my work as a modular input, so I thought saving my search would at least cut down on the amount of work each time I have to update Entities.
Anyone have any ideas how I can add my saved search to the list of predefined ones?
Thanks in advance.
Did you follow "import from search" directions here?:
http://docs.splunk.com/Documentation/ITSI/2.6.0/Configure/DefineEntities
I did.
From the docs: "Saved Searches: Lets you choose from a list of pre-defined ITSI saved searches."
My question is "How do I put one of my searches into the list of pre-defined ITSI saved searches", as the current ones don't meet my needs.
Is the saved search shared in the app or private to just your user?
Oh I see what you're saying now. I'm not sure how to do that but I'll ask around.
So it worked fine for me in a single instance.
I edited Splunk\etc\apps\SA-ITOA\default\savedsearches.conf, copied and pasted an existing search, and slightly modified it. Then I restarted and it shows up under saved searches:
# Copy of the shipped "Get Windows hosts" stanza with the stanza name changed so it is easy to spot in the list
[IT Service Intelligence - asdfGet Windows hosts]
description = Retrieves a list of hosts generating Windows host data
# The search body must stay valid SPL, so the command is "datamodel", not "asdfdatamodel"
search = | datamodel Compute_Inventory OS search | search All_Inventory.tag=windows | dedup All_Inventory.dest | rename All_Inventory.dest AS dest | table dest
request.ui_dispatch_app = itsi
Wondering how this would behave with a macro in place of the search in savedsearches.conf. That would allow ITSI admins without CLI access to update searches.
Thoughts?
Thanks for the steer.
I created a local directory in the SA-ITOA app on the Search Head Deployer (in $SPLUNK_HOME/etc/shcluster/apps/SA-ITOA), and placed my savedsearches.conf in the local directory just created. This keeps our searches separate from the Splunk-supplied ones, and ensures mine don't get obliterated by an upgrade. When the bundle is deployed, Splunk merges it into default on each Search Head. Job done.
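As an added example (not from any reply in this thread), this is what the macro idea raised earlier looks like when combined with the deployer local-directory approach above: the SPL lives in a macro that an ITSI admin can edit from the UI, and the saved search only references it. The stanza names, the macro name and the local.meta sharing entries are assumptions; whether the ITSI entity import will dispatch a macro-backed saved search is untested here.

```ini
# $SPLUNK_HOME/etc/shcluster/apps/SA-ITOA/local/macros.conf (on the deployer)
# The macro carries the actual SPL. Admins can change it under
# Settings > Advanced search > Search macros without touching the CLI.
[custom_entity_windows_hosts]
definition = | datamodel Compute_Inventory OS search | search All_Inventory.tag=windows | dedup All_Inventory.dest | rename All_Inventory.dest AS dest | table dest
iseval = 0

# $SPLUNK_HOME/etc/shcluster/apps/SA-ITOA/local/savedsearches.conf (on the deployer)
# Same shape as the shipped stanzas, but the search is just the macro call.
[IT Service Intelligence - Custom Get Windows hosts]
description = Retrieves a list of hosts generating Windows host data (custom entity import)
search = `custom_entity_windows_hosts`
request.ui_dispatch_app = itsi

# $SPLUNK_HOME/etc/shcluster/apps/SA-ITOA/metadata/local.meta (on the deployer)
# The saved search is dispatched in the itsi app context, so the macro must be
# exported system-wide or the search fails to resolve it. Writes stay admin-only.
[macros/custom_entity_windows_hosts]
export = system
access = read : [ * ], write : [ admin ]

[savedsearches/IT%20Service%20Intelligence%20-%20Custom%20Get%20Windows%20hosts]
export = system
access = read : [ * ], write : [ admin ]
```

After pushing the bundle, `splunk btool savedsearches list --app=SA-ITOA --debug` on a search head shows which file each key came from, which is the quickest way to confirm the local stanza merged over default.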
I'm curious what the difference was between when you cloned it, etc., versus when you got it to work. Yes, you should put it in local for sure. Sorry I didn't mention that. I just tested default because it was easy.