I know Splunk ES is a little picky about apps installed with it and created. I was going to create an app called mycompany_splunkes_base and toss in all my configs like server.conf and alert_actions.conf there. Any reason that would be a bad idea?
If you are making alert actions for ES use add on builder and make proper additive responses.
Also name any apps like TA-myapp or SA-myapp so you don’t gave to edit the ES app filter to import it.