Solved: When editing app properties in my Splunk SHC as an...

tnerpel_splunk · ‎02-08-2017

(creating this to answer)

Details:

Search Head Cluster (SHC)
v6.5.2
Logged in as admin

When going to manage apps and then clicking Edit properties the edit page opens, but has a red "You do not have permissions to edit this configuration." banner at the top of the page. There is no save button, only a cancel option.

tnerpel_splunk · ‎02-08-2017

This is expected behavior in a SHC environment. If you need to edit any properties, you should do it at the Deployer level and then push the shcluster-bundle down to the members. This is to keep apps from behaving differently or having different settings and properties inside of the SHC.

View solution in original post

jmclean · ‎06-05-2019

So why would the "Edit properties" link be there at all? If it was simply a method of viewing the properties it should be renamed to "View properties".

tnerpel_splunk · ‎02-08-2017

This is expected behavior in a SHC environment. If you need to edit any properties, you should do it at the Deployer level and then push the shcluster-bundle down to the members. This is to keep apps from behaving differently or having different settings and properties inside of the SHC.

jmclean · ‎06-05-2019

So then that link should be renamed from "Edit properties" to "View properties".

AnilPujar · ‎05-18-2019

how to disable default search app?

do i need to push search app also from deployer? after editing app.conf?

When editing app properties in my Splunk SHC as an admin, why am I getting a "You do not have permissions to edit this configuration." banner?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases