If you do much beyond building searches and dashboards, sooner or later you will need to edit files in the filesystem directly. All apps live in
$SPLUNK_HOME/etc/apps/. On Unix systems, the default installation directory is
/opt/splunk. On Windows, the default installation directory is
This is the value that
$SPLUNK_HOME will inherit on startup.
Stepping through the most common directories, we have:
commands.conf. This is also a common location ...