Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: How to duplicate/clone a deployment app (Splun...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are using the Splunk Add-on for Microsoft Windows to get Windows Event sourcetypes that we're forwarding from Universal Forwarders. We're managing our UF's with a deployment server. I would like to have different settings for inputs.conf with the Splunk_TA_windows add-on for different UF's, but would still like to maintain all types of configuration from the deployment server.
Am I correct in thinking I can duplicate the app on my deployment server to apply to other types of UF's as "Splunk_TA_windows2"? Is there a better way to leverage the same app from a deployment server with different configurations for server classes?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not sure if it's the best approach, but that's the way we do it. We have 3 separate copies of that app we deploy to different types of devices in our env, each with different inputs settings.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not sure if it's the best approach, but that's the way we do it. We have 3 separate copies of that app we deploy to different types of devices in our env, each with different inputs settings.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Glad I'm not the first one with the idea then. Has that worked out okay? When you upgrade do you just re-clone and move your local .conf's back for all 3 copies?
Little surprised there wasn't a standard answer somewhere. Seems like the need to have different configurations of an app for different service groups would be somewhat common.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's worked out for our needs. We haven't upgraded the app yet, but I don't imagine much would change for the inputs between versions. And we don't really touch the apps often, only if we need to start or stop ingesting a new event id or event log, etc. And in some cases it affects all of the copies and some cases just one particular copy.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
