All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

What are the App layout best practices?

Marinus
Communicator
‎04-01-2010 02:36 PM

I've seen quite a few apps and they structure their file in different ways. Is there a best practice? For example should you place indexes, script, collected data or binaries in the App directory?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

emma
Splunk Employee
Splunk Employee
‎04-01-2010 11:22 PM

If you intend to package your app and distribute it, either on Splunkbase or within your infrastructure (using Deployment Server, for example) it's probably best to put everything pertaining to that app in the app's directory. Users, roles, indexes, inputs, scripts, views, saved searches, etc -- any custom configuration, code or knowledge objects you create specifically for that app. Anything you intend to share as a system-wide setting (users and roles who will have access to other apps, inputs and indexes for your entire install, system settings like management port and web timeout) should be in $SPLUNK_HOME/etc/system/local.

View solution in original post

Reply
Solved! Jump to solution
Solution

emma
Splunk Employee
Splunk Employee
‎04-01-2010 11:22 PM

If you intend to package your app and distribute it, either on Splunkbase or within your infrastructure (using Deployment Server, for example) it's probably best to put everything pertaining to that app in the app's directory. Users, roles, indexes, inputs, scripts, views, saved searches, etc -- any custom configuration, code or knowledge objects you create specifically for that app. Anything you intend to share as a system-wide setting (users and roles who will have access to other apps, inputs and indexes for your entire install, system settings like management port and web timeout) should be in $SPLUNK_HOME/etc/system/local.

Reply
Solved! Jump to solution

emma
Splunk Employee
Splunk Employee
‎04-06-2010 07:35 PM

Can you be more specific about what files you're talking about? If you are trying to package an app for other users, you can use the setup.xml to direct your users to specify where the file/directory is they'd like to index. They can set this up while installing/setting up the app. I wouldn't advise putting anything in $SPLUNK_HOME/var/log -- that's for internal Splunk logs.

0 Karma
Reply
Solved! Jump to solution

Marinus
Communicator
‎04-06-2010 08:04 AM

Thank you Emma, what about file that you are indexing. I currently keep them in the app directory. Would you advise $SPLUNK_HOME/var/log? I've also noticed that Splunk sometimes tries to read some of these files as config files, thought it would be limited to app/[local|default].

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...