Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk objects configuration management/CMDB

rmurthy
Engager
‎08-17-2012 03:35 AM

Hello, I am looking for a solution to manage my splunk objects (searches, event type, macros, lookups, etc). There are two basic needs:
1. Version control for searches (I could probably use SVN)
2. Change impact analysis. e.g. If i change an eventtype, how many of my searches and reports will that effect. I need something like a CMDB for Splunk objects.

Please share if you have already implemented something to address the above.

Tags (1)
Reply

Runals
Motivator
‎02-10-2015 01:45 PM

I created and posted an app recently that might help. I didn't go down the path of impact analysis though.

https://apps.splunk.com/app/2627/

Note that you need to be running 6x as all the base searches are hitting REST endpoints.

0 Karma
Reply

bmacias84
Champion
‎08-12-2014 03:11 PM

I use git and all splunk apps are contained with in a Splunk Project directory. You could write a git hook or jenkins hook to enumerate all repos in that project and search line by line for that eventtype, savedsearch or macro is referenced.

0 Karma
Reply
Get Updates on the Splunk Community!

AI for AppInspect

We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...