Getting Data In

sourcetype visibility to Splunk Apps



I have a universal forwarder forwarding some log files to a Splunk index instance. I created a sourcetype for these log files. Now in the default search app, I can see the logs when I type "sourcetype=xxx". But the same sourcetype is not available in the Splunk app I created.

Is all sourcetypes visable to all Splunk apps? If not, where can I configure the permissions?


Tags (2)
0 Karma

Path Finder

See the responses here:

Basically, visibility at the sourcetype (and index) level is defined by the logged-in user's role, not by the application itself.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!