Why do we have the --not exporting configurations globally to system-- message?


We have this message popping out -

-- Search peer SH name has the following message: Health Check: One or more apps ("SA-cim_vladiator-master") that had previously been imported are not exporting configurations globally to system. Configuration objects not exported to system will be unavailable in Enterprise Security.

Why is it?

Tags (3)
0 Karma


Hi Daniel,

what the message says is that the knowledge objects defined inside the SA-cimvalidator-master app cannot be seen from inside the Splunk Enterprise Security App, unless they are declared as "system". I assume that you have installed ES recently, which in turn activates the check for non-global objects in the health check. To resolve the "error" either remove the SA-cimvalidator-master app or change the permissions of the app's knowledge objects to system. The error could also come from recent changes to the SA.../metadata/*.meta files that have in effect changed the permissions.

Best regards



Do you know if there are any other common causes for this?

I am getting the same error described above except I have three separate apps listed, none of which are SA-CIM...

I checked the first one in the GUI by going to Settings > Knowledge > All Configurations and under Permissions for all of the affected apps it's set to Global. When I open the permissions it's set so that Everyone can Read. I assume this should be sufficient.

I also checked the metadata file in local and for each type (tags, event types, transforms, props, lookups, virestates) they all have export = system.

Any ideas?

0 Karma

you will need to put this setting in the add-on's metadata/local.meta file to allow everyone read access to all the objects defined in the add-on or app by default. That would stop the messages from showing up

access = read : [ * ], write : [ admin ]
export = system


Thank you! I updated the file on the deployment server and redeployed the apps. Now the error is gone!

0 Karma

Path Finder

Is it safe to change ths setting?

0 Karma