Deployment Architecture

Debugging app deployment to AWS cluster

dave_null
Path Finder

Hello,

 

I have an on-prem Splunk cluster and an AWS cluster. Each one has its own indexers and clustermaster, though only the on-prem setup has a search head and a deployment server. 

 

When I use the deployment server to deploy configurations to a splunk forwarder in AWS, it keeps failing to deploy. I have checked:

Forwarder is installed on machine to send logs

DS can contact the machine to send apps via port 8089

I used TCPDump on the forwarder machine on port 8089 and can see packets from the deployment server 

Unfortunately all I can get from the internal logs is this delightfully descriptive error message:


05-19-2021 08:04:42.818 +0200 WARN ClientSessionsManager - ip=<omitted> name=<omitted> Updating record for sc=<serverclass name> app=<app name>: action=Download result=Fail checksum=0

 

Can anyone suggest more areas to look at? I can't figure out why it is not deploying properly.

Labels (1)
0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...