Re: Splunk objects configuration management/CMDB

rmurthy · ‎08-17-2012

Hello, I am looking for a solution to manage my splunk objects (searches, event type, macros, lookups, etc). There are two basic needs:
1. Version control for searches (I could probably use SVN)
2. Change impact analysis. e.g. If i change an eventtype, how many of my searches and reports will that effect. I need something like a CMDB for Splunk objects.

Please share if you have already implemented something to address the above.

Runals · ‎02-10-2015

I created and posted an app recently that might help. I didn't go down the path of impact analysis though.

https://apps.splunk.com/app/2627/

Note that you need to be running 6x as all the base searches are hitting REST endpoints.

bmacias84 · ‎08-12-2014

I use git and all splunk apps are contained with in a Splunk Project directory. You could write a git hook or jenkins hook to enumerate all repos in that project and search line by line for that eventtype, savedsearch or macro is referenced.

Splunk objects configuration management/CMDB

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation