Deployment Architecture

Can multiple serverclasses reference the same app in serverclass.conf?

gowen
Path Finder

I'm still trying to address the need from Groups of hosts for serverclass.conf? and I think I see an ugly hack, and I want to know if it'll break anything.

Can two serverclasses in serverclass.conf reference the same app? E.g., if I have an app defined in the /opt/splunk/etc/deployment-apps/MyApp/ tree, can I have

[serverClass:AlphaClass:app:MyApp]

as well as

[serverClass:BravoClass:app:MyApp]

That way, if I have sets of servers for Alpha, Bravo, and Charlie, and log apps of MyAppOne and MyAppTwo, I can mix and match without having to repeat the complex whitelist/blacklist filters. In other words, if AlphaClass is going to need MyAppOne and MyAppTwo, I only specify the hosts via whitelist/blacklist once for AlphaClass and then have AlphaClass be the serverclass for both apps, and the app stanza just needs whitelist.0=* to equal the "group" of servers I specified in the class.

Does that work or is there some subtlety of the way classes and apps interact that won't allow this sort of modular reuse?

Tags (2)
0 Karma

kristian_kolb
Ultra Champion

The following would work as expected 🙂

[serverClass:Alpha]
whitelist.0 = 10.1.1.1
whitelist.1 = 10.2.2.2

[serverClass:Bravo]
whitelist.0 = 11.1.1.1
whitelist.1 = 11.2.2.2

[serverClass:Charlie]
whitelist.0 = 12.1.1.1
whitelist.1 = 12.2.2.2

[serverClass:Alpha:app:MyAppOne]
[serverClass:Alpha:app:MyAppTwo]
[serverClass:Bravo:app:MyAppOne]
[serverClass:Charlie:app:MyAppTwo]

Alpha gets both apps, Bravo gets MyAppOne, Charlie gets MyAppTwo. No need to further specify whitelists/blacklists on the [serverClass:X:app:Y]-level.

In fact if you add a blacklist.0 = 10.1.1.1 for [serverClass:Aplpha:app:MyAppOne], I think you have to explicitly re-add a whitelist.0 = 10.2.2.2 on the app-level stanza, if I understood the documentation correctly.

Simple as that.

/Kristian

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...