All Apps and Add-ons

Why is Forwarder Management not pushing out configuration changes?

Communicator

Hi

I am using the Forwarder Management to push out configs in the form of apps to the many forwarders in our infrastructure, but the new config is not applied.

My use case :
1. add-on added in the deployment-apps folder
2. add-on pushed to forwarders in my server_class -> no errors returned
3. created new app to enable a URL monitor using the above pushed add-on
4. pushed the new URL_monitor app containing the configs to the forwarders, including a splunkd restart flag -> no errors returned
5. no events are indexed and no errors are returned although the add-on and the app is present under each forwarders app folder

Using a curl on the endpoint monitor returns the status.

Add-on name : REST API Modular Input -> https://splunkbase.splunk.com/app/1546/

URL_Monitoring app contents under local directory:

inputs.conf :

[rest://test]
source = test
auth_type = none
endpoint = http://localhost:8888/test/monitoring
http_method = GET
index = main
index_error_response_codes = 0
polling_interval = 60
request_timeout = 50
response_type = xml
sequential_mode = 0
sourcetype = url
streaming_request = 0

props.conf

[url]
category = Custom
pulldown_type = 1
disabled = false
TRANSFORMS-url = url_transformation

transforms.conf

[url_transformation]
REGEX = ^.\w+..\w+.(?<url_status>\w+).+
FORMAT = url_status::$1
WRITE_META = true

Can i please get some direction on what I am doing wrong?

Thank you in advance.

0 Karma
1 Solution

Communicator

Well. Found the fix :

As the rest app was renamed inside the repository, the rest.py script must also be modified to reflect the new name .

  1. cd /splunk/etc/deployment-apps/test_rest/bin
  2. sed -i 's/rest_ta/test_rest/g' rest.py

Redeployed the addon and everything works.

View solution in original post

Communicator

Well. Found the fix :

As the rest app was renamed inside the repository, the rest.py script must also be modified to reflect the new name .

  1. cd /splunk/etc/deployment-apps/test_rest/bin
  2. sed -i 's/rest_ta/test_rest/g' rest.py

Redeployed the addon and everything works.

View solution in original post

SplunkTrust
SplunkTrust

ah yeah, that would make sense

0 Karma

SplunkTrust
SplunkTrust

Have you tested this configuration on a single instance to make sure it works as expected?

Do you see the app being loaded onto one of the new instances?

0 Karma

Communicator

Forgot to mention that I am using heavy forwarders.

Using the same inputs/props/transforms and the addon on a single instance works, but in my test the files were sitting under the search app and not a new individual app.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!