Splunk Enterprise

How to combine apps?

shocko
Contributor

I have several apps I have built in Splunk Enterprise 8.2.5. Each one is in a separate folder under /etc/apps on my search head and each has numerous lookups/macros etc. configured. The problem I have is I wish to combine them all into a single app as they are all used by the same people. The problem is I source control them in Git so I can easily make a change, update Gut and re-deploy the app to the search head. This amounts to it clearing out the app/<app> folder and pulling down the latest version from Git. This works great.

Now if I move everything to a single app how can I keep a folder for each 'sub app' for I can keep my Git model? Essentially I want this new app to just have a set of Navigations/Dashboards 

Tags (1)
0 Karma

Tom_Lundie
Contributor

There is no concept of  "sub-apps" in Splunk. An app is simply a collection of configurations and supplementary files. There is no way to distinguish between your sort of "sub-configurations". There is a really nice diagram to illustrate the anatomy of a Splunk App here.

If I understand your question correctly, I suggest keeping your current model and not merging your apps together. What exactly are you looking to achieve by merging the apps?

0 Karma

shocko
Contributor

I think I have explained it poorly.  I guess when I think about it what I wish to achieve is a s follows:

Problem: I have multiple search apps that have various views, navigations, macros etc. I source control the apps in Git and when I wish to create a new version of the app I do so by updating Git and deploying the folder/files from that Git repository to my search head. This works well. Each app shows in the UI as a separate entity under the Apps dropdown 

I have been re-evaluating these apps as most of them are used by the same team. They have asked me if I could combine them into one app (all dashboards, views and navigation etc.)  so they only have to navigate one app the in the Apps dropdown. I wish though to maintain my deployment model within GIT so combining them all into one single app/folder is a challenge in this regard.

So, now that I think of it is the following possible?

  1. Keep all apps separate so I keep my deployment model
  2. Remove the navigation items from these apps
  3. Create a new app that only has the navigation/views from the other apps?

 

 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...