Splunk Search
Highlighted

Where should the tags.conf file be located?

SplunkTrust
SplunkTrust

I am beginning to work with tags and am having partial success. I have a tags.conf file that I dropped into the local directory of a new app I created. I then restarted and started to try to search based on the tagging configuration. I could not find anything.

After reading some documentation, I was led to believe that the tags.conf file should be in the system configuration, so I dropped it in the local directory there. Sure enough, I was able to search and find events based on the tags configured. However, when I load up a dashboard in the app I created, I am unable to find any events based on the tagging configuration.

Why isn't the tags configuration extending to all apps? Is the only proper location for it $splunkhome/etc/system?

Highlighted

Re: Where should the tags.conf file be located?

Champion

If you want to package the tags with your app and also want to make them available to the entire system, you'll need to configure the following in your appname/metadata/default.meta file:

[tags]
export = system

View solution in original post

Highlighted

Re: Where should the tags.conf file be located?

Motivator

Thank you that helped, and I found the answer sooner than I expected

0 Karma
Highlighted

Re: Where should the tags.conf file be located?

Super Champion

FYI. The format of tags.conf changes between 4.0 and 4.1. Just something to keep in mind. Splunk upgrades these automatically, but if your in an application deployment situation this can still cause some pain.