This is a place to discuss all things outside of Splunk, its products, and its use cases.

Feature Request : Add More ACL Between "Global" and "App"


Dear Splunk-
Please add more levels between "Global" and "App". I would like the ability to share Knowledge Objects between select apps. Right now, it seems to be "All or Nothing". Having to make copies of a Lookup, for example, in order to have it in more than one app rather than exposing it to ALL apps is very inconvenient.

Right now, we are suffering from TONS of LookupOperator entries in every single search because the Lookups have been set to 'Global'.

Thanks for Reading,
Mike B.
(A Long-Suffering Splunk Admin) 🙂

0 Karma


So app import is a thing... part of core, primarily used in ES... basically instead of having all exported KOs available in the app, you only have KOs from other apps you import into a particular app, and the imported apps don't export anything... all KOs from the imported apps are available in the apps that import them.

For your scenario here, you could have Two apps could import the same TA (that holds your lookup/KOs without export) and thus can share KOs without them being shared globally....

But the dragons here are, there is no UI, it's not well documented, (not even in default.meta.spec), and the new version of ES just had an "enhancement" to not use it anymore so... yeah... not sure what to think.... https://docs.splunk.com/Documentation/ES/5.3.0/RN/Enhancements


Thanks! Upvoted. It's possible this could be the only answer as well.

0 Karma
Get Updates on the Splunk Community!

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...