All Apps and Add-ons

APP Exporter: option to merge local configs

klee310
Communicator

Any chance I can control whether the app/appname/local/ changes are merged with the export?

I am frequently developing with fake/ sample data on my local machine - so thats what I define in my local/macros.conf - but I wouldn't want those configs to overwrite my real-environment on production

If this can't be done quickly/easily on the (by the way, awesome) user-interface - can you at least tell me how to do in quick-and-dirty from your source-code?

Tags (1)
1 Solution

martin_mueller
SplunkTrust
SplunkTrust

I'm afraid it's not that simple. Underneath the (thanks!) user interface I'm using Splunk's REST API, namely the apps/.../package endpoint: http://docs.splunk.com/Documentation/Splunk/6.2.2/RESTREF/RESTapps#GET_apps.2Flocal.2F.7Bname.7D.2Fp...
That does the actual packaging of the app, including the merging of .conf files in local... there are no parameters you can pass to the endpoint in the docs, so you can't influence this behaviour.

I see two ways you can avoid this: Either you move your sample data macros to a different app and share them globally (or import that app into the other?), or you keep them in the same app but only share them privately. Both ways would let you use those macros in the app and would avoid them being exported.

View solution in original post

martin_mueller
SplunkTrust
SplunkTrust

I'm afraid it's not that simple. Underneath the (thanks!) user interface I'm using Splunk's REST API, namely the apps/.../package endpoint: http://docs.splunk.com/Documentation/Splunk/6.2.2/RESTREF/RESTapps#GET_apps.2Flocal.2F.7Bname.7D.2Fp...
That does the actual packaging of the app, including the merging of .conf files in local... there are no parameters you can pass to the endpoint in the docs, so you can't influence this behaviour.

I see two ways you can avoid this: Either you move your sample data macros to a different app and share them globally (or import that app into the other?), or you keep them in the same app but only share them privately. Both ways would let you use those macros in the app and would avoid them being exported.

martin_mueller
SplunkTrust
SplunkTrust

Changing the role-based permissions isn't enough, you need to change sharing for that object from app/global to private.

0 Karma

klee310
Communicator

Thanks martin for the quick reply. I like the second option; keep in the same app and make them private.

Great app by the way. Thank you very much for sharing!

0 Karma

klee310
Communicator

nope, i'm afraid the second option doesn't work - or maybe I'm testing it incorrectly. Anyways, the way I tested it was by setting the permission on one of the macros to admin [read/write] only (as opposed to the original - everyone, read/write); but then I tried to perform the app-export, and the private macro still gets written out - perhaps this has to do with the account I'm using to perform the export - I guess I could try using another regular account to perform the export, but I'm thinking that will be too much trouble; so maybe I'll simply just have to remember this limitation and manually update the spl file afterwards

0 Karma
Get Updates on the Splunk Community!

Splunk is Nurturing Tomorrow’s Cybersecurity Leaders Today

Meet Carol Wright. She leads the Splunk Academic Alliance program at Splunk. The Splunk Academic Alliance ...

Part 2: A Guide to Maximizing Splunk IT Service Intelligence

Welcome to the second segment of our guide. In Part 1, we covered the essentials of getting started with ITSI ...

Part 1: A Guide to Maximizing Splunk IT Service Intelligence

As modern IT environments continue to grow in complexity and speed, the ability to efficiently manage and ...