Splunk® App for Content Packs

Overview of the Splunk App for Content Packs

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Upgrade Splunk App for Content Packs to version 2.0

If you have installed a previous version of Splunk App for Content Packs, you can upgrade it to the latest version.

Be sure to perform the steps below for obtaining and backing up saved search status BEFORE installing version 2.0. of Splunk App for Content Packs.

Get the Status of Saved Searches before Upgrade

All saved searches of Splunk App for Content Packs v2.0 are deactivated by default.

Because Splunk App for Content Packs v2.0 has saved searches deactivated by default, we strongly recommend keeping a backup of current saved searches status.

Run the following search to get the status of the saved searches. You can export the results of this search and refer to it for updating the status of saved searches after upgrading to Splunk App for Content Pack version 2.0.

| rest /servicesNS/-/-/saved/searches
| search eai:acl.app="DA-ITSI-CP-*"
| eval Status=if(disabled == 0, "Enabled", "Disabled")
| rename eai:acl.app as "Content Packs", title as "Saved Search"
| table "Content Packs", "Saved Search", Status
| sort +"Content Packs", +"Saved Search"

Search results show the saved searches and status of the saved searches grouped by content pack, as in the following screenshot.

Example saved search showing grouping by content pack

Modify Status of Saved Searches after Upgrade

After you upgrade to Splunk App for Content Packs v2.0, the saved searches that had previously been activated by default will be deactivated.

You can modify all the saved searches of selected content pack in the following ways:

  • Activate all the saved searches
  • Deactivate all the saved searches
  • Retain current status of saved searches

To modify status of saved searches, navigating to the installation page of required content pack from Data Integrations → Content Library. For detailed steps, refer to the Install and Configure documentation of the content pack.

Last modified on 11 July, 2023
Overview of the Splunk App for Content Packs
Install the Splunk App for Content Packs

This documentation applies to the following versions of Splunk® App for Content Packs: 2.0.0, 2.0.1

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters