Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can you help me make changes to the cluster nodes?

rung8
New Member
‎12-18-2018 11:10 AM

Hi,

I'm trying to configure changes to my slave nodes. I understand that on the master we have to go to the master apps local and copy files there and push the bundle. But, I was wondering since there is file order precedence, does Splunk look into each file for configurations? Or does it look into highest priority and go with that?

I'm wondering if I just push only one configuration instead of copying the entire default configuration and adding to that. Would the slave nodes still look into the default configuration? Or just the configs from the slave apps?

Thanks

0 Karma
Reply

prakash007
Builder
‎12-18-2018 11:36 AM

@rung8: I would do this, create a custom-app on your cluster-master and apply the bundle, in this way you have more control over the configurations you deploy and it's easy to manage...
1. ClusterMaster: $SPLUNK_HOME/etc/master-apps/customapp(with all configs in here)
NOTE:you can have multiple-custom apps based on the functionality(easy to differentiate and troubleshoot)
2. ClusterMaster:apply cluster bundle
3. Indexers(Peer-nodes): $SPLUNK_HOME/etc/slave-apps/customapp(downloaded here by default)
Follow this splunkdoc for more details...
https://docs.splunk.com/Documentation/Splunk/7.2.1/Indexer/Updatepeerconfigurations#Structure_of_the...

0 Karma
Reply

rung8
New Member
‎12-18-2018 11:45 AM

Thanks for your reply prakash007.

What would be the difference from creating the customapp directory and adding configuration files there compared to creating them inside $splunk_home/etc/master-apps/_cluster/local

0 Karma
Reply

prakash007
Builder
‎12-18-2018 11:57 AM

you will end up with all configs in one location($SPLUNK_HOME/etc/master_apps/_cluster/local), but with custom-apps...
for instance I create 2 different custom-apps like network_TA(props and transforms..etc)for my network gear,apache_TA(props and transforms..etc) for apache logs..
In that way it's easy to manage the configs based on functionality, at the end it's your preference 🙂

0 Karma
Reply

rung8
New Member
‎12-18-2018 01:04 PM

Ah I see. Thank you very much for this input. I can see how much more flexible it is when configured this way. I will try it out.

  • One more thing So when these files are created in custom apps. Does splunk still look into the default configuration? I read some resource that said only add what you need in the upper configuration. So based on that im assuming it still does. But then theres the question of what if there are configuration conflicts such as indexes.conf when defining an index.

I hope that makes sense and if you can clarify this it would be great! Thank you

0 Karma
Reply

prakash007
Builder
‎12-18-2018 01:37 PM

There are few configs that are not recommended to distribute through the bundle...
https://docs.splunk.com/Documentation/Splunk/7.2.1/Indexer/Updatepeerconfigurations#Settings_that_yo...

How the file precedence works..
http://docs.splunk.com/Documentation/Splunk/7.2.1/Admin/Wheretofindtheconfigurationfiles#Precedence_...

Coming to conflicts, it depends on your orchestration when you make any changes to configs.

0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top