I have been experimenting with Splunk for a few weeks now. I've managed to create a few reports and a couple of dashboards that will be useful going forward. However, I'm working on a development machine. I need to be able to move my code to a production system. I would like to be able to package up my reports, views etc. into an RPM package (Linux RHEL5.x) and install it on my production system, once splunk is installed and running there.
Are there procedures (with or without using RPMs) for transferring individual reports, up through entire apps from one splunk system to another? Can someone point me at either the appropriate documentation or a tutorial for that?
Thanks,
nbc
There is a whole section in the Developer documentation on developing your own apps (basically collections of searches, views, configuration files, reports, etc) and packaging them.
Have a look at the packaging chapter to get you started, which includes steps on how to produce an .spl (basically a tarball splunk can use like an RPM), though I recommend reading through the whole app development section as it contains a ton of useful information on how to make a very portable app.
There is a whole section in the Developer documentation on developing your own apps (basically collections of searches, views, configuration files, reports, etc) and packaging them.
Have a look at the packaging chapter to get you started, which includes steps on how to produce an .spl (basically a tarball splunk can use like an RPM), though I recommend reading through the whole app development section as it contains a ton of useful information on how to make a very portable app.
That links seems broken.
My requirement is, to move all the user created reports and indexes to another Search head and peer respectively. How do we do this? Thanks.
That is what I was looking for - thanks very much!
nbc