Deployment server: How to exclude content from app...

quaestorit · ‎02-23-2015

First of all, sorry for my english.
When Splunk deployment server (6.1.4 version) updates apps on deployment clients also update excluded files. I've defined excluding in serverclass.conf app stanza:

[serverClass:Linux:app:Splunk_TA_nix]
restartSplunkWeb = 0
restartSplunkd = 0
stateOnClient = enabled
excludeFromUpdate = $app_root$/local

If I added it to global section, also not working (also rewrite local directory,). Please help.

schose · ‎10-27-2015

nope, found the issue. excludeFromUpdate only seems to work with 6.2 or higher clients. I thought this could be implemented on FW Management serverside.

djfangv · ‎02-16-2016

I've implemented this and your syntax looks correct. It does look like your version is incompatible.

lmyrefelt · ‎02-23-2015

I don't think $app_root$ is a valid variable ... however you can define it inside your $SPLUNK_HOME/etc/splunk-launch.conf ;

Se here for more details;
http://docs.splunk.com/Documentation/Splunk/6.2.1/Admin/Splunk-launchconf

esix_splunk · ‎02-23-2015

http://docs.splunk.com/Documentation/Splunk/6.2.1/admin/Serverclassconf

I havent tested this, but $app_root$ should be substituted for the app name and trailed with the '/'

[serverClass:Linux:app:Splunk_TA_nix]
...
excludeFromUpdate = Splunk_TA_nix/local/
...

Try that and see if you receive any errors.

quaestorit · ‎02-25-2015

Thanks for your anwser, but still not working (override the local directory). There isnt relevant information in log files.

Deployment server: How to exclude content from app updates to deployment clients?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases