
Does anyone know if the "xMatters Actionable Alerts for Splunk" app is supported in the Search Clusters environment?

sureshwalmart
Explorer

Does anyone know if the "xMatters Actionable Alerts for Splunk" app is supported in the Search Clustered environment?

I tried with a standalone search head and it works fine. I am able to get the alert through xMatters.

I am having a hard time getting it to work through search deploy server -> search head cluster.

The app requires URL and Passwords to be set up. Not sure how to supply through Search Deployer.

0 Karma

tdepuy
Path Finder

Hey Suresh,
Gaurav has some details that might help, but if not, we note in the installation docs here that:

If your Splunk is configured in a clustered environment, make sure you deploy the xMatters app at the deployer level, and not in the Search Head Cluster. See the Splunk documentation for more information on using the deployer to distribute apps.

The link goes on to note:

Caution: You must use the deployer, not the deployment server, to distribute apps to cluster members. Use of the deployer eliminates the possibility of conflict with the run-time updates that the cluster replicates automatically by means of the mechanism described in Configuration updates that the cluster replicates.

I'm not too familiar with the exact process, but we've had customers successfully use this method (hence why it's in the docs). If you are still having trouble, post back and let's see if we can sort it out.
Happy Tuesday!

0 Karma

gaurav_maniar
Builder

Hi Suresh,

I worked with the xMatters app a long time back, but I can't recall now what I did.
From my experience I'm giving the suggestion below; you can try it and check if it helps.

First, get the app configuration files from the standalone Search Head, which has the URL and password parameters.

Now, while deploying the app via the Search Deployer, add this configuration file with all the parameters and values from the standalone search head. It will have some password parameter and an encrypted password; remove the encrypted password and rewrite the password as clear text. Splunk automatically encrypts the password after deployment.

For more details, you can check the following documentation:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Deploysecurepasswordsacrossmultipleserve...

0 Karma
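
A pre-deployment check for the step described in the answer above, added here as an example and not part of the thread or of the xMatters app: it reads a `.conf` file staged on the deployer and reports whether each secret-like setting still holds an encrypted value copied from the standalone search head or has been rewritten as clear text. It relies on the `$1$` and `$7$` prefixes Splunk places on values it has encrypted; the key-name pattern and the stanza and key names in the sample are assumptions, since the thread does not name the app's configuration file or settings.

```python
import re

# Prefixes Splunk puts on values it has encrypted with the local splunk.secret.
ENCRYPTED_PREFIXES = ("$1$", "$7$")
# Assumption: secret-bearing settings have names like these.
SECRET_KEY = re.compile(r"(password|passwd|secret|token)", re.I)


def audit_conf(text):
    """Return (stanza, key, state) for each secret-like setting in .conf text."""
    findings, stanza = [], "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not SECRET_KEY.search(key):
            continue
        if value.startswith(ENCRYPTED_PREFIXES):
            # Encrypted on another instance; only usable with that instance's secret.
            state = "encrypted-elsewhere"
        elif value:
            state = "cleartext"
        else:
            state = "empty"
        findings.append((stanza, key, state))
    return findings


# Constructed sample; stanza and key names are hypothetical, not the xMatters app's.
SAMPLE = """\
[endpoint]
url = https://example.invalid/hook
password = $7$Q29uc3RydWN0ZWQgc2FtcGxlIHZhbHVl
[backup_endpoint]
password = changeme-placeholder
"""

if __name__ == "__main__":
    for stanza, key, state in audit_conf(SAMPLE):
        print(f"[{stanza}] {key}: {state}")
```

A `cleartext` result is what the answer's procedure expects before the bundle is pushed; keep that staged file readable only by the account that runs Splunk on the deployer.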