• Security

    How to remove default app for admin user?

    bheemireddi
    Communicator

    Hi, Thought I might get some help here. I installed Splunk and when I login first time I changed the settings for admin user including default app, It was by default launcher, but I selected to be none. So now if I go into admin settings page I don't see the app selected (which is supposed to happen). But when I see under Access Controls->users page, for admin user I still see "launcher" in default app column. Is this normal behavior? The reason I want no app is I would like make all the conf changes under $SPLUNKHOME/etc/apps/system/local instead of a specific app.

    Thanks for your response.

    Tags (2)

    martin_mueller
    SplunkTrust
    SplunkTrust

    You still see launcher because that's the default app globally. You can override that per role, without anything set there the global value carries over. That can again be overridden per user, without anything set there the role value carries over.

    Your approach cannot really work though, because you always are within an app when logged into the Splunk UI. Take a look at your Settings URLs, they always contain an app name after /manager/ unless they are inherently system-wide settings such as licensing.

    In order to specifically drop configurations in system/local you should edit the .conf files there.
    Depending on what you're trying to do it may be better practice to create an app specifically for your configuration though.

    bheemireddi
    Communicator

    Hi Martin,
    Thanks for clarification. I do see those apps names in the URLs, but I still had a question, when I add inputs in the GUI, (I was changing the sourcetype, creating new sourcetype), I see the props.conf created under system/local and inputs.conf created under search (I was in search app). Wondering why props.conf created in global?

    Thanks for your response.

    0 Karma
    Get Updates on the Splunk Community!

    Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

    WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

    Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

    Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

    Enterprise Security Content Update (ESCU) | New Releases

    In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...