Splunk Enterprise

How to Prevent /lib folder of an app to be overridden?

GaetanVP
Contributor

Hello Splunkers,

I would like to know if it's possible to prevent /lib path of a Splunk app to be overridden after an upgrade of this app.

For instance, I edited the cacert.pem file in the following path

/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/lib/certifi/cacert.pem

 And after the upgrade of the Splunk_TA_microsoft-cloudservices app, the cacert.pem has been replaced during the upgrade.

Would it be possible to avoid that ?

Regards,

GaetanVP  

Labels (2)
Tags (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

If you move the cert to the local directory then it won't be overwritten during an upgrade.

/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/local/cacert.pem
---
If this reply helps you, Karma would be appreciated.

View solution in original post

SplunkExplorer
Contributor

I confirm @richgalloway words. Local folders are designed to enable custom change without risks of update overrides; this help also to avoid custom/manual change in default folders, that shouldn't be changed as it's not a Splunk best pratice.

richgalloway
SplunkTrust
SplunkTrust

If you move the cert to the local directory then it won't be overwritten during an upgrade.

/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/local/cacert.pem
---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...