Splunk Enterprise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

user-prefs.conf in a custom app

brent_weaver
Builder
‎08-26-2017 08:17 AM

I am creating a custom app for my company and I have put user-prefs.conf in default. The SHC always complains about this file when push a bundle and a restart is required. Am I not supposed to house this file within an app, does it need to go in etc/system/local?

Any help is much appreciated becauase at this point I cannot do a rolling restart of my SHC.

Tags (1)
0 Karma
Reply

brent_weaver
Builder
‎08-27-2017 06:53 AM

Yes the roles exist:

[general_default]
default_earliest_time = -1h
default_latest_time = now

[role_predix-ops-user]
default_namespace = GE_Predix_App

[role_predix-sec-user]
default_namespace = GE_Predix_App

[role_predix-admin]
default_namespace = launcher

Is there something wrong with the file? In there an issue with the general_default section? The roles exist in the same app actually:

[role_predix-admin]
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
importRoles = admin
srchIndexesAllowed = *;_*
srchIndexesDefault = *
srchMaxTime = 0

[role_predix-sec-user]
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
importRoles = user
srchIndexesAllowed = *;_*
srchIndexesDefault = *_security
srchMaxTime = 0

[role_predix-ops-user]
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
importRoles = user
srchIndexesAllowed = *_predix_*;_*;last_chance_predix
srchIndexesDefault = *_predix_*
srchMaxTime = 30d
srchJobsQuota = 15
rtSrchJobsQuota = 1

Any insight is much appreaciated!

0 Karma
Reply

brent_weaver
Builder
‎08-27-2017 07:07 AM

Something very worthy of note is that this only happens in our SHC, not on our stand alone nodes. I cannot even do a rolling restart of the cluster

0 Karma
Reply

ddrillic
Ultra Champion
‎08-26-2017 05:36 PM

In our case, we use $SPLUNK_HOME/etc/shcluster/apps/user-prefs/local/user-prefs.conf on the deployer to map the splunk roles to the default_namespace - an app.

user-prefs.conf

says -

-- To use one or more of these configurations, copy the configuration block into user-prefs.conf in $SPLUNK_HOME/etc/system/local/. You must restart Splunk to enable configurations.

0 Karma
Reply

ryanhast
Explorer
‎08-26-2017 08:50 AM

Is the role that your user-prefs.conf not deployed to you SHC? What is the error that SHC is barking about?
I my SHC I package the user-prefs.conf in a separate package to deploy to SHC. Any changes I make them there.

0 Karma
Reply
Get Updates on the Splunk Community!

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Last month, I met with a Senior Fraud Analyst at a nationally recognized bank to discuss their recent success ...

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

What has been announced?  In the blog, “Preparing your Splunk Environment for OpensSSL3,”we announced the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...

This month, we’re delivering several platform, infrastructure, application and digital experience monitoring ...
Top