I have a frustrating problem.
At my organization, we are required to build everything in a DEV environment, and then push our entire app to a QA and a UAT environment for testing, and then finally to a Prod environment. We are not allowed to bundle the app ourself. A second team bundles the app from DEV, and a THIRD team deploys the app.
My team is in charge of building an inventory of scheduled searches/dashboards/field aliases, but we do not have admin rights of any kind. We can only access Splunk through the UI (no access to the config files). We have limited power user rights in DEV, but standard user rights (can't even schedule searches) in the test/prod environments.
Here's the issue:
A subset of our saved searches/dashboards must be scheduled to deliver via email. Since we only have schedule rights in DEV, we must schedule there and promote the already-scheduled searches/dashboards up the environment chain.
We found a way to prevent our standard scheduled searches from emailing in the lower environments - but this does not work on the dashboards. Basically we just brought in a field called "environment" to every report and added a custom condition to the alert that only sends the email if ENV=PROD. This does not work with the multi-panel dashboards we've created.
Assuming that scheduling directly in production is not an option - can anyone think of a possible solution? Kind of at my wit's end here.
Oh, and disabling emails in the QA/UAT environment altogether is not an option either - it's a shared environment used by other teams as well.
Thanks!
... View more