Why is this app still called TA_sudo instead of TA...

kmarciniak · ‎03-08-2019

I'm not sure why the app makers just don't change the name of the app to TA-Sudo so the regex for importing apps in ESS works right from the get go. They mention to change the regex for TA_ but perhaps that imports unwanted apps into ESS that you may not want imported. It just seems changing ESS regex is more dramatic than just changing the app name by the makers to work with ESS.

doksu · ‎03-14-2019

@nickhillscpl is exactly right. I first published this app at a time when Splunk was trying to standardise on the TA_ convention so that's why it has the name it does, but that was later reverted to TA-. You could just rename the app folder to TA-sudo if changing ES is a problem.

nickhills · ‎03-08-2019

The way packages work on Splunkbase means you can't change the name of an app once its uploaded. (It would break all the update logic which Splunkbase provides if they allowed it)

The author would have to upload a second copy of the app with the new package name, and then to all intents and purposes, Splunkbase would treat it as a new application which means all of the install history would be lost, questions (like this one) on answers would be orphaned, and users who installed the original version would no longer be notified of any updates.

It's not a great answer to your question, but maybe that explains why the author may be reluctant to re-release under a different name.

If my comment helps, please give it a thumbs up!

Why is this app still called TA_sudo instead of TA-Sudo?

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability