Upgrade Splunk App for Content Packs to version 2.0
If you have installed a previous version of Splunk App for Content Packs, you can upgrade it to the latest version.
Be sure to perform the steps below for obtaining and backing up saved search status BEFORE installing version 2.0. of Splunk App for Content Packs.
Get the Status of Saved Searches before Upgrade
All saved searches of Splunk App for Content Packs v2.0 are deactivated by default.
Because Splunk App for Content Packs v2.0 has saved searches deactivated by default, we strongly recommend keeping a backup of current saved searches status.
Run the following search to get the status of the saved searches. You can export the results of this search and refer to it for updating the status of saved searches after upgrading to Splunk App for Content Pack version 2.0.
| rest /servicesNS/-/-/saved/searches | search eai:acl.app="DA-ITSI-CP-*" | eval Status=if(disabled == 0, "Enabled", "Disabled") | rename eai:acl.app as "Content Packs", title as "Saved Search" | table "Content Packs", "Saved Search", Status | sort +"Content Packs", +"Saved Search"
Search results show the saved searches and status of the saved searches grouped by content pack, as in the following screenshot.
Modify Status of Saved Searches after Upgrade
After you upgrade to Splunk App for Content Packs v2.0, the saved searches that had previously been activated by default will be deactivated.
You can modify all the saved searches of selected content pack in the following ways:
- Activate all the saved searches
- Deactivate all the saved searches
- Retain current status of saved searches
To modify status of saved searches, navigating to the installation page of required content pack from Data Integrations → Content Library. For detailed steps, refer to the Install and Configure documentation of the content pack.
Clean up obsolete entity searches
Run a search command to clean up obsolete searches as described in the Entity Integrations Manual. This is required to ensure that the disabled/deleted entity discovery search does not contribute to the Entity Status calculation.
Overview of the Splunk App for Content Packs | Install the Splunk App for Content Packs |
This documentation applies to the following versions of Splunk® App for Content Packs: 2.0.0, 2.0.1
Feedback submitted, thanks!