Splunk Enterprise
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Platform
- :
- Splunk Enterprise
- :
- Re: user-prefs.conf in a custom app
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
user-prefs.conf in a custom app
brent_weaver
Builder
08-26-2017
08:17 AM
I am creating a custom app for my company and I have put user-prefs.conf in default. The SHC always complains about this file when push a bundle and a restart is required. Am I not supposed to house this file within an app, does it need to go in etc/system/local?
Any help is much appreciated becauase at this point I cannot do a rolling restart of my SHC.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
brent_weaver
Builder
08-27-2017
06:53 AM
Yes the roles exist:
[general_default]
default_earliest_time = -1h
default_latest_time = now
[role_predix-ops-user]
default_namespace = GE_Predix_App
[role_predix-sec-user]
default_namespace = GE_Predix_App
[role_predix-admin]
default_namespace = launcher
Is there something wrong with the file? In there an issue with the general_default section? The roles exist in the same app actually:
[role_predix-admin]
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
importRoles = admin
srchIndexesAllowed = *;_*
srchIndexesDefault = *
srchMaxTime = 0
[role_predix-sec-user]
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
importRoles = user
srchIndexesAllowed = *;_*
srchIndexesDefault = *_security
srchMaxTime = 0
[role_predix-ops-user]
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
importRoles = user
srchIndexesAllowed = *_predix_*;_*;last_chance_predix
srchIndexesDefault = *_predix_*
srchMaxTime = 30d
srchJobsQuota = 15
rtSrchJobsQuota = 1
Any insight is much appreaciated!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
brent_weaver
Builder
08-27-2017
07:07 AM
Something very worthy of note is that this only happens in our SHC, not on our stand alone nodes. I cannot even do a rolling restart of the cluster
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ddrillic
Ultra Champion
08-26-2017
05:36 PM
In our case, we use $SPLUNK_HOME/etc/shcluster/apps/user-prefs/local/user-prefs.conf on the deployer to map the splunk roles to the default_namespace - an app.
says -
-- To use one or more of these configurations, copy the configuration block into user-prefs.conf in $SPLUNK_HOME/etc/system/local/. You must restart Splunk to enable configurations.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ryanhast
Explorer
08-26-2017
08:50 AM
Is the role that your user-prefs.conf not deployed to you SHC? What is the error that SHC is barking about?
I my SHC I package the user-prefs.conf in a separate package to deploy to SHC. Any changes I make them there.
Get Updates on the Splunk Community!
Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside
Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
Splunk App Dev Community Updates – What’s New and What’s Next
Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...
The Latest Cisco Integrations With Splunk Platform!
Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...
