- Splunk Answers
- :
- Splunk Platform Products
- :
- Splunk Enterprise
- :
- How to combine apps?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to combine apps?
I have several apps I have built in Splunk Enterprise 8.2.5. Each one is in a separate folder under /etc/apps on my search head and each has numerous lookups/macros etc. configured. The problem I have is I wish to combine them all into a single app as they are all used by the same people. The problem is I source control them in Git so I can easily make a change, update Gut and re-deploy the app to the search head. This amounts to it clearing out the app/<app> folder and pulling down the latest version from Git. This works great.
Now if I move everything to a single app how can I keep a folder for each 'sub app' for I can keep my Git model? Essentially I want this new app to just have a set of Navigations/Dashboards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is no concept of "sub-apps" in Splunk. An app is simply a collection of configurations and supplementary files. There is no way to distinguish between your sort of "sub-configurations". There is a really nice diagram to illustrate the anatomy of a Splunk App here.
If I understand your question correctly, I suggest keeping your current model and not merging your apps together. What exactly are you looking to achieve by merging the apps?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think I have explained it poorly. I guess when I think about it what I wish to achieve is a s follows:
Problem: I have multiple search apps that have various views, navigations, macros etc. I source control the apps in Git and when I wish to create a new version of the app I do so by updating Git and deploying the folder/files from that Git repository to my search head. This works well. Each app shows in the UI as a separate entity under the Apps dropdown
I have been re-evaluating these apps as most of them are used by the same team. They have asked me if I could combine them into one app (all dashboards, views and navigation etc.) so they only have to navigate one app the in the Apps dropdown. I wish though to maintain my deployment model within GIT so combining them all into one single app/folder is a challenge in this regard.
So, now that I think of it is the following possible?
- Keep all apps separate so I keep my deployment model
- Remove the navigation items from these apps
- Create a new app that only has the navigation/views from the other apps?
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
