<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Fundamental issue with Splunk's architecture for overwriting other app's configuration in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Fundamental-issue-with-Splunk-s-architecture-for-overwriting/m-p/112181#M23491</link>
    <description>&lt;P&gt;To work around this, make sure the names are unique, like this:&lt;/P&gt;

&lt;P&gt;app1_kpi/default/distsearch.conf:&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;[replicationBlacklist]
App1_excludeLookup = apps/app1_kpi/lookups/*.csv
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;app2_kpi/default/distsearch.conf:&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;[replicationBlacklist]
App2_excludeLookup = apps/app2_kpi/lookups/*.csv
&lt;/CODE&gt;&lt;/PRE&gt;</description>
    <pubDate>Thu, 26 Mar 2015 19:30:18 GMT</pubDate>
    <dc:creator>matt_harden</dc:creator>
    <dc:date>2015-03-26T19:30:18Z</dc:date>
    <item>
      <title>Fundamental issue with Splunk's architecture for overwriting other app's configuration</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Fundamental-issue-with-Splunk-s-architecture-for-overwriting/m-p/112180#M23490</link>
      <description>&lt;P&gt;I don't understand why Splunk implemented a priority architecture which can overwrite another app's property. I wanted to blacklist each app's csvs and i used the Stanzas as below in distsearch.conf. To my suprise, one of the apps csvs were not blacklisted. &lt;/P&gt;

&lt;P&gt;App1:&lt;BR /&gt;
[replicationBlacklist]&lt;BR /&gt;
excludeLookup = apps/app1_kpi/lookups/*.csv&lt;/P&gt;

&lt;P&gt;App2:&lt;BR /&gt;
[replicationBlacklist]&lt;BR /&gt;
excludeLookup = apps/app2_kpi/lookups/*.csv&lt;/P&gt;

&lt;P&gt;Both are global sharing. We changed the sharing but got same result. &lt;/P&gt;

&lt;P&gt;Will Splunk change this architecture in future? This is very dangerous for managing. The app concept is fundamental violated.&lt;/P&gt;</description>
      <pubDate>Thu, 19 Jun 2014 19:11:25 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Fundamental-issue-with-Splunk-s-architecture-for-overwriting/m-p/112180#M23490</guid>
      <dc:creator>sibbsnb</dc:creator>
      <dc:date>2014-06-19T19:11:25Z</dc:date>
    </item>
    <item>
      <title>Re: Fundamental issue with Splunk's architecture for overwriting other app's configuration</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Fundamental-issue-with-Splunk-s-architecture-for-overwriting/m-p/112181#M23491</link>
      <description>&lt;P&gt;To work around this, make sure the names are unique, like this:&lt;/P&gt;

&lt;P&gt;app1_kpi/default/distsearch.conf:&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;[replicationBlacklist]
App1_excludeLookup = apps/app1_kpi/lookups/*.csv
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;app2_kpi/default/distsearch.conf:&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;[replicationBlacklist]
App2_excludeLookup = apps/app2_kpi/lookups/*.csv
&lt;/CODE&gt;&lt;/PRE&gt;</description>
      <pubDate>Thu, 26 Mar 2015 19:30:18 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Fundamental-issue-with-Splunk-s-architecture-for-overwriting/m-p/112181#M23491</guid>
      <dc:creator>matt_harden</dc:creator>
      <dc:date>2015-03-26T19:30:18Z</dc:date>
    </item>
  </channel>
</rss>

