Deployment Architecture

Deployment Server Total Downloads in the Last Hour

lib_systems
Path Finder

I've recently set up a deployment server with about 100 clients phoning home, per the default setting. The deployment server contains about 20 deployment apps which are not updated often. However, each time I go to the Forwarder Management page, the statistics at the top will show something like "281 Total Downloads in the last 1 hour". Can someone explain how I should be interpreting this count? The deployment apps are not being updated so clients are not downloading any new changes. Does the act of a client simply phoning home constitute a "download"? Any insight is appreciated.

jmantor
Path Finder

I've been ignoring this number for 8 or 9 years now as it's never made any sense and doesn't correspond to the results of the queries mentioned above.   How does this counter even work?

0 Karma

CarsonZa
Contributor

index=_internal source=*splunkd.log host=YourDeploymentServerHere component=PackageDownloadRestHandler "Download complete"
| stats count by app

0 Karma

thambisetty
SplunkTrust
SplunkTrust

Hi,

Any solution for this one?

————————————
If this helps, give a like below.
0 Karma

lib_systems
Path Finder

Nope. I've given up and chalked this up to another piece of software that doesn't work as advertised since I've done nothing more than follow the basic installation instructions.

0 Karma

somesoni2
SplunkTrust
SplunkTrust

The phone home doesn't count as download. I would check the splunkd.log of the your deployment server to see what all clients/apps are being download, you can use this query for it.

index=_internal source=*splunkd.log host=YourDeploymentServerHere action=download
0 Karma

lib_systems
Path Finder

Thanks for the suggestion, though the results of that query make this even more puzzling. It returns 0 results for today, even though the Forwarder Management page continues to report "281 Total Downloads in the last 1 hour". In fact, the most recent "Download" result is from 2 days ago. And if I run the against the last 7 days, it only returns 165 results, all of the following form:

03-20-2017 18:10:21.156 +0000 INFO  ClientSessionsManager - ip=xxx.xxx.xxx.xxx name=server.company.com Updating record for sc=Servers app=Splunk_TA_nix_Addon: action=Download result=Ok checksum=3412605308407739600

Seems like that count is not updating properly.

0 Karma

fairje
Communicator

You are not alone, I have been plagued by this problem for a very long time. Only it is far worse. I have ~20k hosts, and it will report 80k+ downloads in the last hour. Which seems to be bogging down the page and making it almost unusable.

I have a few downloads in any given time period because we are pushed to workstations and VDI and they are always putting on new workstations onto the network and VDI hosts are always spawning and being destroyed. But never anywhere close to the numbers reported.

0 Karma

luminadsouza13
Engager

Where you able to troubleshoot the issues for highest number of downloads ?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...