Hi folks,
is it possible to do a "folder-lock" mechanism for a splunk app ?
Basic requirement is, i dont want my splunk admins to see the contents of /opt/splunk/etc/secretapp
possible to achieve via Splunk ? is there any app/folder level encryption can be done ?
if you mean to disallow OS user to see/list content of the splunk folder, then it can easily be done with OS permissions.
But most of the configuration can be accessed via Splunk UI or REST API, directly or using a suitable app like this: https://splunkbase.splunk.com/app/4353/
The one way to achieve your goal would be to rewrite the SPL logic with C++ or python and build custom splunk commands/lookups: https://dev.splunk.com/enterprise/docs/developapps/customsearchcommands/
https://docs.splunk.com/Documentation/Splunk/8.0.1/Knowledge/Configureexternallookups