- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- App from single-instance to distributed deployment...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I already have splunk app (used splunk JDK for development) which runs fine on single-instance splunk.
I want to make my app compatible for distributed architecture. How can i proceed? Is there a proper documentation for this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ajain_mi,
There is no official document for this as that would really depend on your app and what it does.
Based on whether you've built a DA, TA, SA your app will simply have to go on different components of the distributed environment.
If for example it's an app for collecting data then you'll have to include it on your Heavy Forwaders; if it's a visualization or dashboard app then you need to have it on your SH, etc..
Let me know if that helps or if you need further details.
Cheers,
David
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ajain_mi,
There is no official document for this as that would really depend on your app and what it does.
Based on whether you've built a DA, TA, SA your app will simply have to go on different components of the distributed environment.
If for example it's an app for collecting data then you'll have to include it on your Heavy Forwaders; if it's a visualization or dashboard app then you need to have it on your SH, etc..
Let me know if that helps or if you need further details.
Cheers,
David
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, @DavidHourani.
My app does both things it collects data as well as visualize that data.
But I want different things to happen in different places like Forwarder pushing data, Indexer creating indexes and storing the data etc. In short, I want to make my app compatible with distributed deployment.
I used Splunk packaging toolkit (http://dev.splunk.com/view/packaging-toolkit/SP-CAAAE9V#required) to divide my app but that didn't work.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ajain_mi,
In that case you just need to split your app into a TA for forwarding and field extraction and an app that contains the dashboards and index definition for indexers and search heads. Then use the documentation to describe what goes where. That's the simplest way to go about it imo.
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
