All Apps and Add-ons
Highlighted

What is the correct installation and configuration for the Fire Brigade version 2 app and add-on in an indexer clustering environment?

Communicator

I am setting up Fire Brigade v 2.0.3 to monitor my splunk deployment (using index clustering with RF = 5 and SF = 3). The documentation for Fire Brigade provided a brief discussion for a few options in terms of deployment, but I am a little unclear still as to the recommended deployment when monitoring an indexer cluster. It seems like my options are as follows:

  1. Deploy Fire Brigade and the TA on the cluster master including making the master a search-head.
  2. Same as 1 including distributing the TA to all the index cluster peers doing a cluster-bundle apply.
  3. Deploy Fire Brigade and the TA on and across the search-head cluster.
  4. Deploy Fire Brigade and the TA on a stand-alone search-head
  5. Same as 4 including distributing the TA to all the index cluster peers doing a cluster-bundle apply.

I am also not really clear on configuring the monitoredindexes.csv. Firstly, I don't find anything so far in the Fire Brigade UI for configuring this csv. Secondly, looking on the stand-alone sh where I currently deployed FB and its TA doing a 'find /opt/splunk -name monitoredindexes*' as the root account returned no file. Same situation when looking for this file on the index cluster master (I uploaded the TA to the master in case it is recommended to apply the TA across the cluster).

Highlighted

Re: What is the correct installation and configuration for the Fire Brigade version 2 app and add-on in an indexer clustering environment?

Splunk Employee
Splunk Employee

Firebrigade-TA goes on the indexers, it can be deployed with 'master-apps' on the CM.

The app itself will go on a search head, doesn't need to be the CM.

As for monitored indexes, there is a saved search that runs every night in the early AM. It builds that list based on all the indexes that are replicating.

Install that, and wait. It will be populated within 24 hours, as I believe is noted in the docs.

View solution in original post

Highlighted

Re: What is the correct installation and configuration for the Fire Brigade version 2 app and add-on in an indexer clustering environment?

Communicator

Thanks esix_splunk - doing your recommended config now.

0 Karma
Highlighted

Re: What is the correct installation and configuration for the Fire Brigade version 2 app and add-on in an indexer clustering environment?

Community Manager
Community Manager

FYI, Fire Brigade version 2 will no longer be updated (latest version is 2.0.3). The newer versions 2.0.4 and higher will now be available with the original “Fire Brigade” app on Splunkbase which was just updated to support Splunk 6.3. This is noted on the page for Fire Brigade on Splunkbase:
https://splunkbase.splunk.com/app/1581/

If you have any questions, ping the developer of the app @sowings

Cheers!

0 Karma