Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to distribute the default app, if I want to do some changes to the default app to the SHC members?

super_saiyan
Communicator
‎04-24-2022 09:17 PM

how to distribute the default app, if I want to do some changes  to the default app to the SHC members ?

Tags (1)
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎04-24-2022 10:23 PM

@super_saiyan - It is not recommended to make changes to default apps. Specifically for the SHC environment. I would always avoid it.

You can create a custom App, and put your configuration, dashboard, alert, etc in that instead.

Is there any specific requirement to make changes to the default App? In most cases, you should be able to apply the above resolution.

------
I hope this helps!!!

Reply

super_saiyan
Communicator
‎04-24-2022 11:31 PM

but how do you distribute ? can give me some step by step process

in search head clustering to search head clustering member.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-25-2022 12:29 AM

Please read this documentation section https://docs.splunk.com/Documentation/Splunk/8.2.6/DistSearch/HowconfigurationworksinSHC especially this document https://docs.splunk.com/Documentation/Splunk/8.2.6/DistSearch/PropagateSHCconfigurationchanges

There is quite a lot going on with using deployer on SHC so it's important that you understand it.

Reply

super_saiyan
Communicator
‎04-25-2022 12:34 AM

is it possible to distribute from Deployer of the default app ?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎04-25-2022 02:06 AM

It's strongly guided to really don't do it, as this normally leads unusable SHC cluster default app and probably also some other issues. 

As other already said, please create your own "Default" app where users should create their KO's etc. and then deploy to it as needed. Even better is create several Apps for them based on your business systems etc. Give to those access by roles and you will get better granularity for security and access to those KOs.

r. Ismo

Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...