All Apps and Add-ons
Highlighted

Using the Azure Monitor Add-on for Splunk, what is the best method for deploying via a Deployment Server?

Explorer

Because this app stores a number of passwords and secrets in an encrypted format, I can't copy and put the the app on our deployment server as I normally do with other apps. Does anyone have a method for deploying the Splunk Azure Monitor from a Deployment Server to a heavy forwarder?

Thanks in advance!

0 Karma
Highlighted

Re: Using the Azure Monitor Add-on for Splunk, what is the best method for deploying via a Deployment Server?

SplunkTrust
SplunkTrust

Hi @andrewzuehlke

I typically just use the deployment server for managing universal forwarders only. There are many options for managing apps on HWF, for example:

  • You can use puppet/chef/ansible.
  • Pull from a git repository (ideally using one of the above)
  • Deploy it using the HWF UI (Manage App > Install app from file)

All the best

0 Karma
Highlighted

Re: Using the Azure Monitor Add-on for Splunk, what is the best method for deploying via a Deployment Server?

Esteemed Legend

You actually can. You just need to copy the splunk.secret file on your Deployment Server to all of the destinations. This is trivial to do before you start Splunk for the first time, however you can do it after the fact; see here:

https://www.hurricanelabs.com/splunk-tutorials/update-splunk-secret-without-breaking-your-production...

View solution in original post

0 Karma