Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is it possible to copy savedsearches.conf from an old Splunk app to a recent one (newest Splunk version)?

skender27
Contributor
‎09-15-2016 06:21 AM

Hi,

The requirement is to have the same dashboard (lots of href links to searches in Splunk organized in blockes) when building up a new Splunk distributed platform.

I am thinking to reuse the same savedsearches.conf (a large one made in html) from a Splunk 5.0.9 to a recent version and so copying it under the same app local folder...
What issues should I consider (except removing the vsid row from each search saved)?

Thanks a lot,
Skender

0 Karma
Reply

somesoni2
SplunkTrust
SplunkTrust
‎09-15-2016 07:49 AM

You would need to copy the savedsearches.conf and corresponding local.meta entries (yourApp/metadata folder). The local.meta would define the permissions and scope (visibility) for the searches (required).

Reply

skender27
Contributor
‎10-10-2016 01:55 AM

Unfortunatelly no (should I override the existing folder?).

In fact, it is unnecessary now because some of them are obsolete . Well in this case I think I have to re-create all the searches which feed the href links of the dashboard.

I will let you know,
Skender

0 Karma
Reply

skender27
Contributor
‎10-05-2016 08:35 AM

Hi,

I tried deleting the vsid attributes from the copied savedsearches.conf, but still i couldn't get the old searches.
Probably because of different Splunk versions: the old one was a Enterprise 5.0.8 and the new one was a 6.4.
Could it be the reason?

Skender

0 Karma
Reply

somesoni2
SplunkTrust
SplunkTrust
‎10-05-2016 09:10 AM

And did you copy the .meta entries as well?

0 Karma
Reply

skender27
Contributor
‎09-15-2016 08:00 AM

Sure, I will try next week and I'll share how this behaves.

Thanks a lot,
Skender

0 Karma
Reply

skender27
Contributor
‎09-15-2016 06:36 AM

Precision: "a large one made in html" I mean the dashboard, not the .conf file.

Skender

0 Karma
Reply

dmaislin_splunk
Splunk Employee
Splunk Employee
‎09-15-2016 06:36 AM

Yes, Should be perfectly fine. Give it a try and let me know the results.

Reply

skender27
Contributor
‎09-15-2016 08:02 AM

I can try this only the next week...
I will share all the results about this issue.

Thanks,
Skender

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...