Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Configuration bundle app is visible to users in "App Context". Are my Splunk app permissions not set correctly?

RJ_Grayson
Path Finder
‎02-08-2016 11:34 AM

Currently I'm building Splunk apps that I'm using specifically as configuration bundles to push out via the deployment server based on the role of the server (indexer, search head, universal forwarder, etc). These apps only hold specific configuration files such as props.conf, transforms.conf, et cetera based on the server role. I noticed that the apps I've been delivering to the search head are showing up for my users in the "App context" drop-down when you view "Searches, reports, and alerts" in the Knowledge Settings menu. I have a feeling I must have some misconfiguration in my apps permissions, but am not quite sure where.

Here is an example default.meta configuration file for one of the configuration bundle apps currently deployed to the Search Head.

[]
access = read : [ * ], write : [ admin ]
export = system

This particular app config bundle simply sets up some REPORTS and FIELD-ALIAS's for a specific sourcetype based on a specific index. I want to make sure that my users can still see these knowledge objects and that these objects are shared between all apps without the "app" showing up where it isn't supposed to, such as the "App context" drop-down menu in "Searches, reports, and alerts" settings page.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

masonmorales
Influencer
‎02-08-2016 04:48 PM

On your deployment server, make sure that:

$SPLUNK_HOME/etc/deployment-apps/your_app/default/app.conf

Contains

[ui]
is_visible = false

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

masonmorales
Influencer
‎02-08-2016 04:48 PM

On your deployment server, make sure that:

$SPLUNK_HOME/etc/deployment-apps/your_app/default/app.conf

Contains

[ui]
is_visible = false
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...