Databases Reference
In-Depth Information
savedsearches.conf
This configuration contains saved searches and is rarely modified by hand.
times.conf
This configuration holds definitions for time ranges that appear in the time picker.
commands.conf
This configuration specifies commands provided by an app. We will use this in
Chapter 12
,
Extending Splunk
.
web.conf
The main settings changed in this file are the port for the web server, the SSL
certificates, and whether to start the web server at all.
User interface resources
Most Splunk apps consist mainly of resources for the web application. The app
layout for these resources is completely different from all other configurations
Views and navigation
Like
.conf
files, view and navigation documents take precedence in the
following order:
1.
$SPLUNK_HOME/etc/users/$username/$appname/local
: When a new
dashboard is created, it lands here. It will remain here until the permissions
are changed to
App
or
Global
.
2.
$SPLUNK_HOME/etc/apps/$appname/local
: Once a document is shared,
it will be moved to this directory.
3.
$SPLUNK_HOME/etc/apps/$appname/default
: Documents can only be placed
here manually. You should do this if you are going to share an app.
Unlike
.conf
files, these documents
do not
merge.
Search WWH ::
Custom Search