Deployment Architecture

Deployment server: How to exclude content from app updates to deployment clients?

quaestorit
New Member

First of all, sorry for my english.
When Splunk deployment server (6.1.4 version) updates apps on deployment clients also update excluded files. I've defined excluding in serverclass.conf app stanza:

[serverClass:Linux:app:Splunk_TA_nix]
restartSplunkWeb = 0
restartSplunkd = 0
stateOnClient = enabled
excludeFromUpdate = $app_root$/local

If I added it to global section, also not working (also rewrite local directory,). Please help.

0 Karma

schose
Builder

nope, found the issue. excludeFromUpdate only seems to work with 6.2 or higher clients. I thought this could be implemented on FW Management serverside.

djfangv
Engager

I've implemented this and your syntax looks correct. It does look like your version is incompatible.

0 Karma

lmyrefelt
Builder

I don't think $app_root$ is a valid variable ... however you can define it inside your $SPLUNK_HOME/etc/splunk-launch.conf ;

Se here for more details;
http://docs.splunk.com/Documentation/Splunk/6.2.1/Admin/Splunk-launchconf

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

http://docs.splunk.com/Documentation/Splunk/6.2.1/admin/Serverclassconf

I havent tested this, but $app_root$ should be substituted for the app name and trailed with the '/'

[serverClass:Linux:app:Splunk_TA_nix]
...
excludeFromUpdate = Splunk_TA_nix/local/
...

Try that and see if you receive any errors.

0 Karma

quaestorit
New Member

Thanks for your anwser, but still not working (override the local directory). There isnt relevant information in log files.

0 Karma
Get Updates on the Splunk Community!

3 Ways to Make OpenTelemetry Even Better

My role as an Observability Specialist at Splunk provides me with the opportunity to work with customers of ...

What's New in Splunk Cloud Platform 9.2.2406?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2406 with many ...

Enterprise Security Content Update (ESCU) | New Releases

In August, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...