Currently I'm building Splunk apps that I'm using specifically as configuration bundles to push out via the deployment server based on the role of the server (indexer, search head, universal forwarder, etc). These apps only hold specific configuration files such as props.conf, transforms.conf, et cetera based on the server role. I noticed that the apps I've been delivering to the search head are showing up for my users in the "App context" drop-down when you view "Searches, reports, and alerts" in the Knowledge Settings menu. I have a feeling I must have some misconfiguration in my apps permissions, but am not quite sure where.
Here is an example default.meta configuration file for one of the configuration bundle apps currently deployed to the Search Head.
[]
access = read : [ * ], write : [ admin ]
export = system
This particular app config bundle simply sets up some REPORTS and FIELD-ALIAS's for a specific sourcetype based on a specific index. I want to make sure that my users can still see these knowledge objects and that these objects are shared between all apps without the "app" showing up where it isn't supposed to, such as the "App context" drop-down menu in "Searches, reports, and alerts" settings page.
On your deployment server, make sure that:
$SPLUNK_HOME/etc/deployment-apps/your_app/default/app.conf
Contains
[ui]
is_visible = false
On your deployment server, make sure that:
$SPLUNK_HOME/etc/deployment-apps/your_app/default/app.conf
Contains
[ui]
is_visible = false