Dashboards & Visualizations
Highlighted

How can I transition my use cases on the Splunk Instance into separate applications?

Path Finder

Hello,

I inherited my Splunk instance from the previous owner and they had built out all of their indexes/ dashboards in the search & reporting app. I want to have different permissions for indexes and dashboards so I need to transition all of my use cases into separate applications.

One part I don't understand is where do all of the private dashboards/reports/searches of all my users live? Do they remain in the search & reporting app and it doesn't matter because they're private?

0 Karma
Highlighted

Re: How can I transition my use cases on the Splunk Instance into separate applications?

Super Champion

all private dashboards, reports etc. will be in $SPLUNK_HOME/etc/users directory...they can only be seen by users who has created and admin only.

0 Karma
Highlighted

Re: How can I transition my use cases on the Splunk Instance into separate applications?

Path Finder

so really the only migrations I need to worry about is the public objects?

0 Karma
Highlighted

Re: How can I transition my use cases on the Splunk Instance into separate applications?

Super Champion

yes only public shared objects

0 Karma
Highlighted

Re: How can I transition my use cases on the Splunk Instance into separate applications?

Path Finder

thank you!

0 Karma
Highlighted

Re: How can I transition my use cases on the Splunk Instance into separate applications?

SplunkTrust
SplunkTrust

hello there,

check out this answer and the file hierarchy diagram.
https://answers.splunk.com/answers/521173/does-anyone-have-splunk-file-structure-diagram.html
its important to distinguish between app level items and private items as they are saved under different locations within the etc directory.
will recommend to first change all items (knowledge objects, views, reports, etc) permissions to app level.
then, decide how to split, divide and concur. create new apps and move the now app based files to the new relevant app.
for example, user = joe has a saved search named joesavedsearch in a private mode which he saved from search app. this search will be in savedsearches.conf under the /etc/users/joe/search/savedsearches.conf
when you will modify permission to "app" you the file will be now under /etc/apps/search/local/ directory.
now you can take that savedsearches. conf (or portions of it) and create a new savedsearches.conf in the new app you desire.

hope it helps

0 Karma