Hi @isoutamo ,

Yes, I'm fully aware if this solution, and would also use it, if I had physical access to the box, but I don't.
But I do have REST access, why I'm looking for a rest solution 👍

PS. The deprecated REST package app still works, there is just no link to get the SPL file anymore.

It makes sense, I'm just not aware of something apart from the package endpoint that has the local-to-default merge logic already built.

ok, so i ended up doing my custom command and its up for grabs at https://splunkbase.splunk.com/app/3685/

I don't see why not. Package app, put content of .spl wherever you commit to git from, commit to git.

hm, yeah kinda look ok-ish. The idea was to work with a repository equaling an app and work directly with it in /etc/apps for instance.

The general workflow is supposed to be
1. fork app from template in bitbucket
2. clone repo into /etc/apps (or /etc/deployment-apps or /etc/master-apps) on a development stage
3. edit the app, in the case of an ui app via splunk web-ui (power users)
4. merge changes, clean stuff in local
5. push changes into git
6. clone or update app into a production stage into the apropriate structure and refresh leading to usable app in ui or app being deployed via cluster or deployment method

we keep a separate gitdir so there is no git cluter in the repo itself.

Do i make sense?

I guess i can do what you suggest and take the "detour" via /package of which i was not aware

ok, but this won't touch the app itself so i can not work with git directly etc.

The idea is to merge UI generated changes back into default (on INTG), push it to the central git and then pull the repo version to a splunk PROD stage ( /etc/apps or /etc/deployment-apps or /etc/cluster-apps or whatever was the path again).

Mostly for app maintainers updating searches and knowledge objects on the GUI with no shell access.

I will update the question to clarify

open for pointers

essentially i want to merge all changes by non admins with shell and vi 🙂 into the default