Solved: Re: Is it possible to use SH-Deployer to Push User...

morethanyell · ‎02-25-2019

Basically what I wish to do is very simple, I want to clone 70+ alerts (entire savedsearches.conf). I maybe naive but my plan is to clone them all but not via UI. How can I copy the entire savedsearches.conf we have in ../etc/apps/<appname>/default/savedsearches.conf into our SH deployer and let it apply cluster bundel into the ../etc/users/<username>/<appname>/local/ of our 14 search heads?

tiagofbmm · ‎02-26-2019

SH Deployer deploys to apps folder only. If you want to push savedsearches to belong privately to users, I'd recommend using Ansible or other automation tool, which would be pretty simple to create there.

View solution in original post

tiagofbmm · ‎02-26-2019

SH Deployer deploys to apps folder only. If you want to push savedsearches to belong privately to users, I'd recommend using Ansible or other automation tool, which would be pretty simple to create there.

morethanyell · ‎02-26-2019

Hi @tiagofbmm please convert your comment to answer as it directly answers my question. I will accept it. By the way, thank you very much.

tiagofbmm · ‎02-26-2019

You're welcome. It is converted now 😉

Is it possible to use SH-Deployer to Push User (Local) App?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases