Manage app and add-on objects

Manage app and add-on objects

When an app or add-on is created by a Splunk user, a collection of objects is created that make up the app or add-on. These objects can include views, commands, navigation items, event types, saved searches, reports, and more. Each of these objects have permissions associated with them to determine who can view or alter them. By default, the admin user has permissions to alter all the objects in the Splunk system.

Refer to these topics for more information:

• For an overview of apps, refer to "What are apps and add-ons?" in this manual.
• For more information about app and add-on permissions, refer to "App architecture and object ownership" in this manual.
• To learn more about how to create your own apps and add-ons, refer to the Developing Views and Apps for Splunk Web manual.

View and manage app/add-on objects in Manager

To see and control the objects for all the apps on your your system, use Splunk Manager in Splunk Web. You can use Manager to view the objects in your Splunk deployment in the following ways:

• To see all the objects for all the apps/add-ons on your system at once: Manager > All configurations.
• To see all the saved searches and report objects: Manager > Searches and reports.
• To see all the event types: Manager > Event types.
• To see all the field extractions: Manager > Fields.

You can:

• View and manipulate the objects on any page with the sorting arrows
• Filter the view to see only the objects from a given app or add-on, owned by a particular user, or those that contain a certain string, with the App context bar.

Use the Search field on the App context bar to search for strings in fields. By default, Splunk searches for the string in all available fields. To search within a particular field, specify that field. Wildcards are supported.

Note: For information about the individual search commands on the Search command page, refer to the Search Reference Manual.

Update an app using the CLI

To update an existing app on your Splunk instance using the CLI:

./splunk install app <app_package_filename> -update 1 -auth <username>:<password>

Splunk updates the app based on the information found in the installation package.

Disable an app using the CLI

To disable an app via the CLI:

./splunk disable app [app_name] -auth <username>:<password>

Note: If you are running Splunk Free, you do not have to provide a username and password.

Uninstall an app

To remove an installed app from a Splunk installation:

1. (Optional) Remove the app's indexed data. Typically, Splunk does not access indexed data from a deleted app. However, you can use Splunk's CLI clean command to remove indexed data from an app before deleting the app. See Remove data from indexes with the CLI command.

2. Manually delete the app directory: $SPLUNK_HOME/etc/apps/<appname>

3. Remove any user-specific app directories specifically created for your app by deleting the files specified by: $SPLUNK_HOME/splunk/etc/users/*/<appname>

4. Restart Splunk.

• Was this topic useful?
• Post a comment