The default folder under SPLUNK_HOME/etc/apps/search has been overwritten and all my changes are now in a default.old./ folder. Now, my Search and Reporting app is invisible. This has caused an outage for all settings also. I can only see apps.conf in this new default folder which has the following contents:
[install]
install_source_checksum =
This new default folder is not even owned by the unix group Splunk but by the unix group 'user'.
If i try to delete this new default folder, rename default.old. to default and restart Splunk daemon, it does not work. The default gets overwritten again with the same problem.
Can anyone help in understanding what might be causing this?
... View more