What are the App layout best practices?

Marinus
Communicator

I've seen quite a few apps and they structure their files in different ways. Is there a best practice? For example, should you place indexes, scripts, collected data or binaries in the App directory?

1 Solution

emma
Splunk Employee

If you intend to package your app and distribute it, either on Splunkbase or within your infrastructure (using Deployment Server, for example), it's probably best to put everything pertaining to that app in the app's directory. Users, roles, indexes, inputs, scripts, views, saved searches, etc. -- any custom configuration, code or knowledge objects you create specifically for that app. Anything you intend to share as a system-wide setting (users and roles who will have access to other apps, inputs and indexes for your entire install, system settings like management port and web timeout) should be in $SPLUNK_HOME/etc/system/local.

emma
Splunk Employee

Can you be more specific about what files you're talking about? If you are trying to package an app for other users, you can use the setup.xml to direct your users to specify where the file/directory is they'd like to index. They can set this up while installing/setting up the app. I wouldn't advise putting anything in $SPLUNK_HOME/var/log -- that's for internal Splunk logs.

Marinus
Communicator

Thank you Emma, what about files that you are indexing? I currently keep them in the app directory. Would you advise $SPLUNK_HOME/var/log? I've also noticed that Splunk sometimes tries to read some of these files as config files; I thought it would be limited to app/[local|default].
