Solved: Deployment Server not pushing apps to clients

mhrycyshyn · ‎09-25-2013

I currently have Splunk 5.0.1 and am unable to get the deployment server to push apps. The server class has been defined and the folder containing the apps created, however for some reason it just will not upload the packages. Right now I am trying to use the Exchange TA's for testing.

I have restarted the Splunk server and the Splunk universal forwarder on the other end as well with no luck.

The serverclass.conf contains:

[global]

targetRepositoryLocation = C:\Program Files\SplunkUniversalForwarder\etc\apps\

[serverClass:Global SEP Servers]

filterType = whitelist
repositoryLocation = C:\Splunk\deployment-apps\Corp_SEP\
whitelist.0 = -SEP-

The deploymentclient.conf file contains just an entry for [target-broker:deploymentServer]

I am sure I am missing something simply, but any help would be greatly appreciated.

LiquidTension · ‎09-25-2013

You will need to define what apps should be shipped at the end of your serverClass for sure.

[serverClass:Global SEP Servers]
whitelist.0 = ServerX
[serverClass:Global SEP Servers:app:APP1]
[serverClass:Global SEP Servers:app:APP2]
[serverClass:Global SEP Servers:app:APP3]
[serverClass:Global SEP Servers:app:APP4]
[serverClass:Global SEP Servers:app:APP5]

You can remove the targetRepositoryLocation since that is the default but if you want to keep it there it should look like C:\Program Files\SplunkUniversalForwarder\etc\apps\

(I dont identify it because I have a large ammount of unix hosts as well)

Splunk reload deploy-server and check if your apps ship

View solution in original post

LiquidTension · ‎09-25-2013

You will need to define what apps should be shipped at the end of your serverClass for sure.

[serverClass:Global SEP Servers]
whitelist.0 = ServerX
[serverClass:Global SEP Servers:app:APP1]
[serverClass:Global SEP Servers:app:APP2]
[serverClass:Global SEP Servers:app:APP3]
[serverClass:Global SEP Servers:app:APP4]
[serverClass:Global SEP Servers:app:APP5]

You can remove the targetRepositoryLocation since that is the default but if you want to keep it there it should look like C:\Program Files\SplunkUniversalForwarder\etc\apps\

(I dont identify it because I have a large ammount of unix hosts as well)

Splunk reload deploy-server and check if your apps ship

mhrycyshyn · ‎09-25-2013

Thanks, worked like a charm. I must have missed that in the instructions.

sowings · ‎09-25-2013

It's pull, not push, and you haven't told the members of the SEP servers to pull anything. The repositoryLocation setting is for the parent directory of the apps, not an individual app to send. You probably want C:\Splunk\deployment-apps. (But typically, this folder in a default install lives in an "etc" subfolder of the Splunk home directory.)

Next, you need a line that says "for this class, send this app":

[serverClass:Global SEP Servers:app:Corp_SEP]

Then run splunk reload deploy-server, and watch the clients.

Also, if this app contains inputs.conf or outputs.conf definitions, you'll need to restart the Splunk service on the forwarder after the app arrives. You can do this with the restartSplunkd flag in serverclass.conf.

mhrycyshyn · ‎09-25-2013

Sorry I should clarify, the base directory for apps on this Server Class is C:\Splunk\deployment-apps\Corp_SEP\. I have placed folders under that that contain the actual apps to be deployed.

Deployment Server not pushing apps to clients

Best Strategies to Optimize Observability Costs

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...