I am getting an apps in the SPLUNK web ui named abc...but when ever I am going to $SPLUNK_HOME/etc/apps, that abc app is not present there. What could be the cause?
Go to manager > apps > find the abc app, and click the "view objects" link on that line.
What is your end goal with this app? Are you trying to make it so it doesn't show up anymore? Consider disabling it, or setting it to "visible" - no.
I have looked up the object links for abc...nothing is prset under Manager>All configurations for the abc app
Look up the objects linked to the app, and then look for the files that define those objects.
I have cheked all the app.conf file present on that particular server but did not get anywhere abc. Even tried to get abc as a folder or as a word in the server but did not find it.
Don't know if you noticed my comment before the clarification, but here it is again just in case:
"In which case you should use Ayn's hints and run a search for files named app.conf on the server where you have your Splunk installation. Then look through the files for one that is either in a folder "abc" or contains "abc" in it."
Yes...both the name and the folder name is abc....but there is no directory named abc under $SPLUNK_HOME/etc/apps
Also just to clarify, you are saying that in the manager > apps page, you have an app that has the value "abc" under both the name and folder name columns, correct?
In which case you should use Ayn's hints and run a search for files named app.conf on the server where you have your Splunk installation. Then look through the files for one that is either in a folder "abc" or contains "abc" in it.
I have tried the above steps...there also the name is abc but not able to find abc folder under $SPLUNK_HOME/etc/apps
If you go to manager > apps > "edit properties" for the app named "abc", at the top it will tell you what the "behind the scenes" name of the app is - as in where you'll find it in the etc/apps directory.
You will also be able to change what is being displayed as the app name, under the "name" field for the app.
Hope this helps.
The app's label is defined in the app's app.conf so you'd have to look at the label
string there rather than the app's directory name to find which of them is "abc".
as there is no app named abc at $SPLUNK_HOME/etc/apps so app.config file is also not present there