Greetings,
I'm looking for documentation on how to structure a deployment server app, the part that goes into deployment-apps/myapp directory.
I want to know if there's a specific way to do it. For example, I want to set up a remote universal forwarder. Can all the files I want to send go in the myapp/ directory? Or should they be split up in a certain way?
Example: I need to send down a splunk.secret file: this file lives in $SPLUNK_HOME/SplunkForwarder/etc, would I put this file in deployment-apps/myapp/etc/? or can it just go into deployment-apps/myapp/ along with all the other files I need to send down and the Deployment Client will know what to do with it when it restarts?
Thanks in advance
Hi @chris94089,
you should before deeply read all the doc at https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Aboutdeploymentserver
Anyway, you have to take from Splunkbase the apps to deploy or create your custom.
In the second case the folder structure is always the same of all Splunk apps:
Then you have to put these apps in %SPLUNK_HOME/etc/deployment-apps of your Deployment Server.
I prefer to have different apps and not a great fully comprehensive one.
Remember that if you have to manage more than 50 target servers, you need a dedicated DS.
Then, I hint to plan you deployment on paper (or Excel) listing all the apps for each target server and grouping them to find the rules for your ServerClasses.
A ServerClass is, in few words, a table that correlates servers and apps to deploy.
E.G. if you have to deploy the TA_Windows App to all the Windows servers with name "winsrv*" you can group these servers using this rule to create the ServerClass.
When you fully planned your deployment, you can create, using the web GUI, your ServerClasses to deploy apps applyng the planned rules.
Remember to flag the "Splunk restart" for each app otherwise the updates will not be taken.
On final hint: create an app (called e.g. TA_Forwarders) dedicated to contain only information about Deployment Server and Indexers to deploy to all the target servers (no inputs): in this app there will be only three files:
for more infos you can also see my answer https://community.splunk.com/t5/Deployment-Architecture/How-to-set-up-new-deployment-server-in-a-clu...
Ciao and happy splunking.
Giuseppe
Hi @chris94089,
you should before deeply read all the doc at https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Aboutdeploymentserver
Anyway, you have to take from Splunkbase the apps to deploy or create your custom.
In the second case the folder structure is always the same of all Splunk apps:
Then you have to put these apps in %SPLUNK_HOME/etc/deployment-apps of your Deployment Server.
I prefer to have different apps and not a great fully comprehensive one.
Remember that if you have to manage more than 50 target servers, you need a dedicated DS.
Then, I hint to plan you deployment on paper (or Excel) listing all the apps for each target server and grouping them to find the rules for your ServerClasses.
A ServerClass is, in few words, a table that correlates servers and apps to deploy.
E.G. if you have to deploy the TA_Windows App to all the Windows servers with name "winsrv*" you can group these servers using this rule to create the ServerClass.
When you fully planned your deployment, you can create, using the web GUI, your ServerClasses to deploy apps applyng the planned rules.
Remember to flag the "Splunk restart" for each app otherwise the updates will not be taken.
On final hint: create an app (called e.g. TA_Forwarders) dedicated to contain only information about Deployment Server and Indexers to deploy to all the target servers (no inputs): in this app there will be only three files:
for more infos you can also see my answer https://community.splunk.com/t5/Deployment-Architecture/How-to-set-up-new-deployment-server-in-a-clu...
Ciao and happy splunking.
Giuseppe
So I saw this post here about deployment apps:
https://dev.splunk.com/enterprise/docs/developapps/createapps/appdirectorystructure/
Getting to the root question about deployment app structure (my ds is up and running already), would the link above be an appropriate way to structure the app files in the deployment-apps/myapp directory?
Hi @chris94089,
yes it's correct, even if usually in TAs less folders are used.
I hint to explore the Splunk Add-On Builder (https://splunkbase.splunk.com/app/2962/) that can guide you in TA creation.
Ciao.
Giuseppe
P.S.: Karma Points are appreciated 😉