SplunkKOHelper
Powershell script to orchestrate identification and correction of reports and dashboards requring updates to support Splunk app for Windows v5 deployment.
Synopsis:
Employs Splunk REST API to find searches and views having legacy wineventlog sourcetype references. User can select one or more knowledge objects to review.
Transformations are drafted automatically and differences are displayed in windiff application. Note: If the auto-transformation was not perfect, you can edit the right side file through windiff to fine tune changes.
If changes are accepted, new source is placed in clipbard.
The view or dashboard is then automatically opened for editing in a new browser window where changes can be pasted from clipboard and saved.
Both searches and views are supported.