Dashboards & Visualizations

Which app.conf to edit for my application

SalVen
Engager

I am new to Splunk, writing my first application. All the documentation regarding .conf files says NOT to modify files in the default folders, and only work with files in local. This is great and makes sense.

However, when it comes to app.conf, (1) the UI itself edits the file in default and (2) the documentation points to $SPLUNK_HOME/etc/apps/<your_app_name>/default/app.conf.

What is the best practice?

Thank you

 

p.s. Documentation links:

https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/configureappproperties/

https://dev.splunk.com/enterprise/docs/developapps/createapps/addnavsplunkapp/

 

Labels (1)
0 Karma
1 Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust

@SalVen 

 

For the existing application (Splunk App OR Add-on ), it is always best practice to edit any conf file in local folder.

 

If you are developing Splunk app and you have your app specific configurations then it should be in default folder. So when you upload on Splunk base OR you want to deploy in any Client's Splunk instance  then they can easily modify the configuration by updating conf file in local folder. 

 

I hope you got your answer. If you have any confusion OR any sample use case about conf file update then please let us know.

 

Happy Splunking

 

 

 

View solution in original post

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@SalVen 

 

For the existing application (Splunk App OR Add-on ), it is always best practice to edit any conf file in local folder.

 

If you are developing Splunk app and you have your app specific configurations then it should be in default folder. So when you upload on Splunk base OR you want to deploy in any Client's Splunk instance  then they can easily modify the configuration by updating conf file in local folder. 

 

I hope you got your answer. If you have any confusion OR any sample use case about conf file update then please let us know.

 

Happy Splunking

 

 

 

0 Karma
Get Updates on the Splunk Community!

Message Parsing in SOCK

Introduction This blog post is part of an ongoing series on SOCK enablement. In this blog post, I will write ...

Exploring the OpenTelemetry Collector’s Kubernetes annotation-based discovery

We’ve already explored a few topics around observability in a Kubernetes environment -- Common Failures in a ...

Use ‘em or lose ‘em | Splunk training units do expire

Whether it’s hummus, a ham sandwich, or a human, almost everything in this world has an expiration date. And, ...