Hello team ! After unsuccessful research on the Internet / Splunk doc, I am turning to you for my question: - Let's say I have 50 alerts in a single app, that are all stored in my file $SPLUNK_HOME$/etc/apps/<appname>/default/savedsearches.conf. - For version control / code management, I want to split this single savedsearches.conf into multiples savedsearches.conf files so that developers can work with a folder directory looking like this: | default | | - | alerts | | - | - | category_1_alerts | | - | - | category_1_alerts | savedsearches.conf | - | - | category_2_alerts | | - | - | category_2_alerts | savedsearches.conf ... - I tried without success on my Splunk instance. I don't know if it is possible, and if it this, I don't know if there are some statements to make in code (e.g. #include <filename>) Have a nice day 🙂 PS : In my version control / code management tool, I can always resort to concatenating all my files together when packaging Splunk code if I don't manage to find a better answer.
... View more
