Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk package CLI is not bundling my saved searches or event types. Why?

mumblingsages
Path Finder
‎08-19-2017 10:21 PM

So I have a nice little application created in my development splunk instance. I'd like to package it with the splunk package CLI and move the application to my integration/qa splunk instance so the QA team can test it. Problem I'm running into is that when I run splunk package command from the command line, it's not including all the saved searches (reports) or my custom event types into the resultant package. I followed the instructions for packaging and publishing located here. But it just doesn't seem to pick those up.

I have verified that both the saved searches and event types belong to the application. So I'm completely befuddled as to what is wrong. I really don't like the idea of manually recreating all of those!

[EDIT]
Looks like my link didn't work: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEMY

0 Karma
Reply

ptang_splunk
Splunk Employee
Splunk Employee
‎08-22-2017 06:28 AM

Hi @mumblingsages,

Could you check if your reports, eventtypes or any other knowledge objects are under your app folder: $SPLUNK_HOME/etc/apps/your_app_name/default or /local?

My first thought would be to verify if your knowledge objects are not Private and they need to be shared to apps. In such case, it won't be part of the package as private objects are under $SPLUNK_HOME/etc/users/...

However, please let me know if that is the case.

Thanks,

Philippe

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...