Due to security requirements we cannot have a single Streams App "Deployer" which all Streams Agents phone home to
splunk_stream_app_location = https://192.168.64.60:8000/en-us/custom/splunk_app_stream/
disabled = 0
In order to work around this network/security limitation we've had to install the Stream App on HFs in multiple network zones.
Question: To save us having to manually enter all the custom Streams and Forwarder Groups can we export from one instance and import to another?
From what I can tell they are in a kvstore based on the contents of this file
# Splunk app KV Store collection file
Is it just a matter of exporting one or all of these collections?
/opt/splunk/bin/splunk backup kvstore -archiveName streams-streams-backup -collectionName streams -appName splunk_app_stream
/opt/splunk/bin/splunk backup kvstore -archiveName streams-forwardergroups-backup -collectionName streamforwardergroups -appName splunk_app_stream
# Then collect these backups from /opt/splunk/var/lib/splunk/kvstorebackup copy across to the other "Stream Deployer" then reimport with
/opt/splunk/bin/splunk restore kvstore -archiveName streams-streams-backup -collectionName streams -appName splunk_app_stream
/opt/splunk/bin/splunk restore kvstore -archiveName streams-forwardergroups-backup -collectionName streamforwardergroups -appName splunk_app_stream
Is there a better way or is this our only option?