Does anyone know if "xMatters Actionable Alerts for Splunk" app is supported in the Search Clustered environment
I tried with standalone search head, it works fine. I am able to get the alert through xMatters.
I am having hard time getting it work through search deploy server -> search head cluster.
The app requires URL and Passwords to be set up. Not sure how to supply through Search Deployer.
I worked with xMatters app long time back, but I can't recall now what I did.
From my experience I'm giving the below suggestion, you can try and check if it helps.
First, get the app configuration files from the standalone Search Head which is having URL and password parameters.
Now, while deploying the app via Search Deployer, add this configuration file with all the parameters and values from standalone search head. It will be having some password parameter and encrypted password, remove the encrypted password and rewrite the password as clear text. Splunk automatically encrypt the password after deployment.
For more details, you can check the following documentation,
Gurav has some details that might help, but if not, we note in the installation docs here that:
If your Splunk is configured in a clustered environment, make sure you deploy the xMatters app at the deployer level, and not in the Search Head Cluster. See the Splunk documentation for more information on using the deployer to distribute apps.
The link goes on to note:
Caution: You must use the deployer, not the deployment server, to distribute apps to cluster members. Use of the deployer eliminates the possibility of conflict with the run-time updates that the cluster replicates automatically by means of the mechanism described in Configuration updates that the cluster replicates.
I'm not too familiar with the exact process, but we've had customers successfully use this method (hence why it's in the docs). If you are still having trouble, post back and let's see if we can sort it out.