Security

Force tags to be public upon creation

Jason
Motivator

We have a review process set up in Splunk where multiple end users log in and tag individual events. These tags MUST be public by default so other users will not duplicate work. Forcing each user to go into manager and make all their tags public is not acceptable - it is way too much work for hundreds of review items every day.

What options do I have for forcing all tags to be public (app-level) upon creation?

ziegfried
Influencer

It's possible by influencing the UI JavaScript. But that's a rather sophisticated customization.

Jason
Motivator

Ok, I sent you an email.

0 Karma

ziegfried
Influencer

Yes, I've done it in the past. But this is a little too extensive to be described here. Essentially it's modifying the behavior of the EventsViewer module using a custom application.js.

0 Karma

Jason
Motivator

Do you know how to do it?

0 Karma

Jason
Motivator

Symbolic AND hard links don't work; Splunk appears to remove the file before rewriting it. It appears Linux does not have the ability to allow write but disallow delete of the one tags.conf file in etc/users/username/appname/local while allowing updating of the other files.

0 Karma