All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Fire Brigade Install on Distributed Environment

emiller42
Motivator
‎05-07-2015 08:06 AM

Hello!

I'm slightly confused about the installation procedure for Fire Brigade when using a distributed environment. (Separate Search Heads and Indexers) According to the doc and this answer, the TA goes on indexers, and the App goes on search heads. However, the App expects monitored_indexes.csv to exist, which is populated by a saved search that only exists in the TA. (So the csv file will be on the indexers, but not on the search heads)

Installing both the App and the TA to the search heads resolves this, but that doesn't match the documentation. Am I missing something?

For reference, this is what the search log reports when attempting to access the csv:

05-07-2015 10:08:41.441 WARN  ApplicationManager - Cannot import non-existent application: TA-fire_brigade
05-07-2015 10:08:41.449 WARN  SearchOperator:inputcsv - sid:1431011321.4138.search_head The lookup table 'monitored_indexes.csv' is invalid.
Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

sowings
Splunk Employee
Splunk Employee
‎05-09-2015 10:50 AM

You're correct; the app tries to find the monitored index list, to display "how many are we keeping an eye on?". This would work just fine for a single instance install, but since version 6.0, the dbinspect search command is distributed, which means that if you install the TA on the SH as well, you'll double-measure your indexers.

A few folks have wondered about this, and since it's not truly relevant on the search head in a distributed environment, the next release won't include that panel.

View solution in original post

Reply
Solved! Jump to solution

ppablo
Retired
‎10-22-2015 01:52 PM

FYI, Fire Brigade version 2 will no longer be updated (latest version is 2.0.3). The newer versions 2.0.4 and higher will now be available with the original “Fire Brigade” app on Splunkbase which was just updated to support Splunk 6.3. This is noted on the page for Fire Brigade on Splunkbase:
https://splunkbase.splunk.com/app/1581/

If you have any questions, ping the developer of the app @sowings

Cheers!

0 Karma
Reply
Solved! Jump to solution
Solution

sowings
Splunk Employee
Splunk Employee
‎05-09-2015 10:50 AM

You're correct; the app tries to find the monitored index list, to display "how many are we keeping an eye on?". This would work just fine for a single instance install, but since version 6.0, the dbinspect search command is distributed, which means that if you install the TA on the SH as well, you'll double-measure your indexers.

A few folks have wondered about this, and since it's not truly relevant on the search head in a distributed environment, the next release won't include that panel.

Reply
Solved! Jump to solution

emiller42
Motivator
‎05-11-2015 06:49 AM

Thank you for the clarification!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...