Knowledge Management

Does anyone have splunk file structure diagram


Do anyone of you have Splunk directories and file structure diagram with paths to config files similar to the one on the below link

Tags (3)
0 Karma

Splunk Employee
Splunk Employee

Actually, that link may have the diagram you are looking for. I have attached the specific image that I think will be helpful. If you look at bottom portion of the image that starts at $SPLUNK_HOME you can see the file paths to particular apps through the $SPLUNK_HOME/etc/apps path. Each of those apps will have a structure that is similar to the orange and green "$APP_HOME" diagram at the top of the attached picture where you will be able to edit your configuration files for a specific app (in the local directory which is at the right of the diagram).

It is important to remember the precedence of configuration files whenever making changes to them. Below is a link that explains configuration file precedence and a list of both Global configuration files and App/User specific configuration files.

alt text

Not applicable

This is very good.
Thank you @mroman

0 Karma


This helped a lot! thank you!!

0 Karma


Are TAs installed in the same place as Apps? Correct me if wrong, but shouldn't Add-Ons be installed on the indexers and Apps on the Search Heads in a clustered environment?

0 Karma


As usually it depends. If those apps have any views/dashboards then those are installed on sh layer. Usually “apps” (aka TAs) w/o views are installed mainly on heavy forwarded (some time UF or IDX), but I think that there are also times when those are also installed on sh-layer too (e.g. fields definitions),

0 Karma

New Member

My thoughts are that you should read the app/add-on description. The developer must have mentioned how and were to install the app/add-on.

0 Karma


@vrmandadi... Same page has another detailed diagram.

If you want to create a Splunk App you can refer to the following as well:

| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...