Solved: Re: How Do I Make Host Tags Viewable By Everyone

gekoner · ‎09-29-2011

Per billbender's question asked back in 23 Mar...
Was this feature still not added in any of the 4.2.x versions?

rtadams89 · ‎12-21-2011

Have you seen this topic: http://splunk-base.splunk.com/answers/26585/force-tags-to-be-public-upon-creation ? While the solution isn't publically posted, it sounds like there is a way to do it.

The other option I can think of would be to run a scheduled script that takes the tags.conf file from each Splunk user's directory and merges them into one tags.conf file in $SPLUNK_HOME/etc/system/local/. Optionally, the script could do some more advanced processing/filtering to only copy specific tags to the /local tags.conf. The downfall here is that Splunk needs to be restarted after the tags.conf file is changed for the changes to be seen.

View solution in original post

rtadams89 · ‎12-21-2011

Have you seen this topic: http://splunk-base.splunk.com/answers/26585/force-tags-to-be-public-upon-creation ? While the solution isn't publically posted, it sounds like there is a way to do it.

The other option I can think of would be to run a scheduled script that takes the tags.conf file from each Splunk user's directory and merges them into one tags.conf file in $SPLUNK_HOME/etc/system/local/. Optionally, the script could do some more advanced processing/filtering to only copy specific tags to the /local tags.conf. The downfall here is that Splunk needs to be restarted after the tags.conf file is changed for the changes to be seen.

gekoner · ‎01-18-2012

OK, so you are saying it is still not a feature in the current version, but there are workarounds, albeit messy ones. But aren't they always?

How Do I Make Host Tags Viewable By Everyone

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases