All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What are the App layout best practices?

Marinus
Communicator
‎04-01-2010 02:36 PM

I've seen quite a few apps and they structure their file in different ways. Is there a best practice? For example should you place indexes, script, collected data or binaries in the App directory?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

emma
Splunk Employee
Splunk Employee
‎04-01-2010 11:22 PM

If you intend to package your app and distribute it, either on Splunkbase or within your infrastructure (using Deployment Server, for example) it's probably best to put everything pertaining to that app in the app's directory. Users, roles, indexes, inputs, scripts, views, saved searches, etc -- any custom configuration, code or knowledge objects you create specifically for that app. Anything you intend to share as a system-wide setting (users and roles who will have access to other apps, inputs and indexes for your entire install, system settings like management port and web timeout) should be in $SPLUNK_HOME/etc/system/local.

View solution in original post

Reply
Solved! Jump to solution
Solution

emma
Splunk Employee
Splunk Employee
‎04-01-2010 11:22 PM

If you intend to package your app and distribute it, either on Splunkbase or within your infrastructure (using Deployment Server, for example) it's probably best to put everything pertaining to that app in the app's directory. Users, roles, indexes, inputs, scripts, views, saved searches, etc -- any custom configuration, code or knowledge objects you create specifically for that app. Anything you intend to share as a system-wide setting (users and roles who will have access to other apps, inputs and indexes for your entire install, system settings like management port and web timeout) should be in $SPLUNK_HOME/etc/system/local.

Reply
Solved! Jump to solution

emma
Splunk Employee
Splunk Employee
‎04-06-2010 07:35 PM

Can you be more specific about what files you're talking about? If you are trying to package an app for other users, you can use the setup.xml to direct your users to specify where the file/directory is they'd like to index. They can set this up while installing/setting up the app. I wouldn't advise putting anything in $SPLUNK_HOME/var/log -- that's for internal Splunk logs.

0 Karma
Reply
Solved! Jump to solution

Marinus
Communicator
‎04-06-2010 08:04 AM

Thank you Emma, what about file that you are indexing. I currently keep them in the app directory. Would you advise $SPLUNK_HOME/var/log? I've also noticed that Splunk sometimes tries to read some of these files as config files, thought it would be limited to app/[local|default].

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...