ERROR reading deployment app that isn't deployed to clients

DEAD_BEEF
Builder

My search head is the deployment server. I am going through the splunkd log for ERROR and finding the following errors for multiple apps:

ERROR Application - Application=<my_app> cannot be loaded, as path=/opt/splunk/etc/deployment-apps/<my_app> does not exist.
ERROR Serverclass - Failed to load app. Application=<my_app> cannot be loaded, as path=/opt/splunk/etc/deployment-apps/<my_app> does not exist.

Here are the oddities to this:

  • the <my_app> folder DOES exist in /opt/splunk/etc/deployment-apps/
  • the <my_app> is NOT deployed to any clients nor part of any server class
  • the folder is owned by splunk:splunk
  • the folder has the same permissions as the other app folders

If the folder exists, owned by the correct user with the right permissions, and is NOT deployed, what is causing these errors to generate? Is there some file that needs to be refreshed so that the deployment server stops trying to access/send this to the clients?

0 Karma
1 Solution

DEAD_BEEF
Builder

The app was listed in one of the [serverClass:...] entries despite not being deployed to any client nor listed under any server class (in the GUI). I commented it out and restarted services. I have not seen the error since then, so I'll close this out as the solution. Check your serverclass.conf!

0 Karma

somesoni2
Revered Legend

Try to run btool on serverclass.conf to see if any instance of serverclass.conf file is doing anything with <my_app>.

$SPLUNK_HOME/bin/splunk btool serverclass list --debug | grep my_app
0 Karma

DEAD_BEEF
Builder

<my_app> did show up in one listing. It looks like <my_app> was listed in one of the [serverClass:...] entries despite not being deployed to any client nor listed under any server class (in the GUI). I commented <my_app> out and restarted services.

No new errors of this kind since the changes. I will monitor for a few days and mark as solved if this proves to be the solution.

0 Karma
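
The check this thread arrives at, looking for leftover app stanzas in serverclass.conf, can be scripted. The following is an added example, not code from the thread or from Splunk: it parses the text of a single serverclass.conf (it does not merge layered files the way btool does) and reports every `[serverClass:<class>:app:<app>]` stanza, whether its server class has any class-level `whitelist.N` key, and whether the app directory exists. The function name, the sample configuration and the class/app names in it are constructed for illustration.

```python
import os
import re

# Stanza headers used in serverclass.conf:
#   [serverClass:<class>]  and  [serverClass:<class>:app:<app>]
STANZA = re.compile(r"^\[serverClass:([^:\]]+)(?::app:([^\]]+))?\]\s*$")

# Constructed sample input, not taken from the thread.
SAMPLE_CONF = """\
[serverClass:linux_hosts]
whitelist.0 = web-*

[serverClass:linux_hosts:app:my_nix_inputs]
restartSplunkd = true

[serverClass:old_class]

[serverClass:old_class:app:my_app]
# [serverClass:old_class:app:already_commented_out]
"""

def audit_serverclass(conf_text, deployment_apps_dir):
    """Return one finding per app stanza in a serverclass.conf text."""
    has_whitelist = {}   # class name -> True once a whitelist.N key is seen
    app_stanzas = []     # (class, app) pairs in file order
    current_class, in_class_stanza = None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and commented-out lines are skipped
        if line.startswith("["):
            m = STANZA.match(line)
            current_class = m.group(1) if m else None
            in_class_stanza = bool(m) and m.group(2) is None
            if m:
                has_whitelist.setdefault(current_class, False)
                if m.group(2):
                    app_stanzas.append((current_class, m.group(2)))
        elif in_class_stanza and line.startswith("whitelist."):
            # Assumption: only class-level whitelist keys are counted.
            has_whitelist[current_class] = True
    return [
        {"serverclass": cls, "app": app,
         "class_has_whitelist": has_whitelist[cls],
         "dir_exists": os.path.isdir(os.path.join(deployment_apps_dir, app))}
        for cls, app in app_stanzas
    ]
```

An entry with `class_has_whitelist` false is an app stanza that the deployment server still loads even though no client matches its class, which is the situation described in the accepted solution.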