Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Set Default App by Role?

bmacias84
Champion
‎03-15-2013 09:19 AM

Hello,
Is there a way to set default app based on role? I know I can set default app through user-prefs.conf or through the GUI per user; however, this seems a little tedious if users are being mapped through LDAP or scripted authentication.

Thanks in advance.

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎03-15-2013 10:00 AM

it's in defined in the role as "default app" in manager > access controls > Roles > ....
And can be overwritten by the users in their own user preferences.
I do not know who win in case of roles inheritance, or users members of multiple roles.

View solution in original post

Reply
Solved! Jump to solution

kml_uvce
Builder
‎03-16-2013 09:24 PM

Try this:
In user-prefs.conf file write this:
default_namespace =

Like to admin give default app as search
$SPLUNK_HOME/etc/users/admin/user-prefs/local/user-prefs.conf
default_namespace = search

-Kamal Bisht

kamal singh bisht
0 Karma
Reply
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎03-15-2013 10:00 AM

it's in defined in the role as "default app" in manager > access controls > Roles > ....
And can be overwritten by the users in their own user preferences.
I do not know who win in case of roles inheritance, or users members of multiple roles.

Reply
Solved! Jump to solution

sansay
Contributor
‎12-22-2015 03:16 PM

Today I had to deal with this issue, and I found out that the path in the hosts of our cluster is

etc/apps/user-prefs/local/user-prefs.conf

We have version 6.2.5

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎09-16-2013 03:04 PM

yes, see http://docs.splunk.com/Documentation/Splunk/5.0.4/Admin/Whatsanapp

0 Karma
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎09-16-2013 02:56 PM

Ugh. Yes, thanks. Splunkbase mangled my comment. I guess if you use corner brackets in a comment it thinks you're trying to write xml.

0 Karma
Reply
Solved! Jump to solution

jrodman
Splunk Employee
Splunk Employee
‎09-16-2013 01:35 PM

don't you mean

[role_user]
default_namespace = app_name

0 Karma
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎07-02-2013 02:12 PM

Actually, although most things on that page are set in authorize.conf, the "default app" setting ends up in user-prefs.conf, written to etc/apps//local/user-prefs.conf

as

[role_user]
default_namespace =

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎03-19-2013 09:04 AM

authorize.conf, usually in $SPLUNK_HOME/etc/system/local

0 Karma
Reply
Solved! Jump to solution

bmacias84
Champion
‎03-15-2013 10:14 AM

Do which conf file I would edit in stead of using the Web UI? I prefer to do all management through conf files with an large env. Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...