Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How I can install the same app/add-on multiple times?

norbertt911
Communicator
‎07-16-2020 12:57 AM

Hello,

I have 2 application servers, running the same application. In Splunk, I would like to handle the logs separately. To do this I collect the data separate indexes. Splunk has a nice app for this application with a lot of dashboards and reports.   I have two operators, but they have access just for one of the indexes. What I should do, if I would like that they can use the Splunk-app, but just for that index, where they have access? 

If I set the app's search macro to index A, Index B is out.  Adding a new search macro for index B means I need to add that all the existing searches-dashboards-reports.

How I can install the app 2 times with two different settings, pointing the different indexes?

Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-16-2020 01:13 AM

Hi @norbertt911,

you could create two roles, one for each operator.

Then enable the app (and all the knowledge objects) for both the roles and one index for each role.

In this way, both the operators con see the app, but only with the own index.

Obviously, you have to modify your app addressing both the indexes, the best way to do this is using eventtypes (e.g. index=indexA OR index=indexB).

in this way you have only one app and you can manage the differences at role level.

Ciao.

Giuseppe

Reply

norbertt911
Communicator
‎07-16-2020 01:27 AM

Thank you,

... in this case for me, who had access both indexes will see a "mixture" of all logs in the app, right? (that not be good at all...)

Could install the same app if I modify the app's folder's name and the app.conf in the tgz file before? Do I need to change anything else?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-16-2020 01:40 AM

Hi @norbertt911,

if you want to avoid mixture, you could add an input option in the dashboards (I did it for a customer!).

About the app, you'll have only one app, you intevene on the Splunk environment (roles).

Ciao.

Giuseppe

Reply

norbertt911
Communicator
‎07-16-2020 01:46 AM

Thanks,

Looks like there is no easy way:)

Actually I try my theory and rename the app before install. It is working except for the update...

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-16-2020 01:48 AM

hi @norbertt911,

in other words, you have two apps to maintain!

you could use the Deployment Server to deploy both the apps.

Anyway, I hint to modify you app as I said: it's longer but more clear!

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...