Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to remove default app for admin user?

bheemireddi
Communicator
‎07-16-2014 04:43 PM

Hi, Thought I might get some help here. I installed Splunk and when I login first time I changed the settings for admin user including default app, It was by default launcher, but I selected to be none. So now if I go into admin settings page I don't see the app selected (which is supposed to happen). But when I see under Access Controls->users page, for admin user I still see "launcher" in default app column. Is this normal behavior? The reason I want no app is I would like make all the conf changes under $SPLUNKHOME/etc/apps/system/local instead of a specific app.

Thanks for your response.

Tags (2)
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎07-17-2014 03:26 AM

You still see launcher because that's the default app globally. You can override that per role, without anything set there the global value carries over. That can again be overridden per user, without anything set there the role value carries over.

Your approach cannot really work though, because you always are within an app when logged into the Splunk UI. Take a look at your Settings URLs, they always contain an app name after /manager/ unless they are inherently system-wide settings such as licensing.

In order to specifically drop configurations in system/local you should edit the .conf files there.
Depending on what you're trying to do it may be better practice to create an app specifically for your configuration though.

Reply

bheemireddi
Communicator
‎07-17-2014 07:17 AM

Hi Martin,
Thanks for clarification. I do see those apps names in the URLs, but I still had a question, when I add inputs in the GUI, (I was changing the sourcetype, creating new sourcetype), I see the props.conf created under system/local and inputs.conf created under search (I was in search app). Wondering why props.conf created in global?

Thanks for your response.

0 Karma
Reply
Get Updates on the Splunk Community!

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC   Are you tired of being a manual alert responder? The security ...

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Welcome back to Splunk Classroom Chronicles, our ongoing series where we shine a light on what really happens ...