Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to remove default app for admin user?

bheemireddi
Communicator
‎07-16-2014 04:43 PM

Hi, Thought I might get some help here. I installed Splunk and when I login first time I changed the settings for admin user including default app, It was by default launcher, but I selected to be none. So now if I go into admin settings page I don't see the app selected (which is supposed to happen). But when I see under Access Controls->users page, for admin user I still see "launcher" in default app column. Is this normal behavior? The reason I want no app is I would like make all the conf changes under $SPLUNKHOME/etc/apps/system/local instead of a specific app.

Thanks for your response.

Tags (2)
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎07-17-2014 03:26 AM

You still see launcher because that's the default app globally. You can override that per role, without anything set there the global value carries over. That can again be overridden per user, without anything set there the role value carries over.

Your approach cannot really work though, because you always are within an app when logged into the Splunk UI. Take a look at your Settings URLs, they always contain an app name after /manager/ unless they are inherently system-wide settings such as licensing.

In order to specifically drop configurations in system/local you should edit the .conf files there.
Depending on what you're trying to do it may be better practice to create an app specifically for your configuration though.

Reply

bheemireddi
Communicator
‎07-17-2014 07:17 AM

Hi Martin,
Thanks for clarification. I do see those apps names in the URLs, but I still had a question, when I add inputs in the GUI, (I was changing the sourcetype, creating new sourcetype), I see the props.conf created under system/local and inputs.conf created under search (I was in search app). Wondering why props.conf created in global?

Thanks for your response.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...