Solved: How to deploy application in cluster environment?

BansodeSantosh · ‎05-15-2017

I have created an application which contains all configuration of Index, Data Input, Sourcetype, Lookup, Fields and view and Dashboards.

I want to put all visualization (Dashboards) on Search Head and all other configuration of Data Input, Index, Lookup and Fields on Indexer.

Please suggest if you have any idea bout how to do this in cluster environment.

Highly appreciate your help.

Thanks.

koshyk · ‎05-16-2017

First of all, I wouldn't put all config items into a single app. I would put into multiple apps
1. Inputs which is used for collections only. Need to send to ONLY forwarders
2. addon which contains all the brain (eg extractions, regex logic, transformations etc.). deploy to Search Head cluster, Heavy forwarders & Indexers
3. DA/TA which contains the dashboard and front-end stuff - deploy only to Search Heads

Then for distributed deployment
- You need deployer to deploy to Search Head cluster. Just copy the apps to $SPLUNK_HOME/etc/shcluster/apps/ in the deployer and do a bundle deploy
- You need a cluster master to deploy to Indexer cluster. Copy the required TA's/addons to $SPLUNK_HOME/etc/master-apps/ and do a bundle deploy to indexer slaves
- For forwarders/HF , you can use deployment-server $SPLUNK_HOME/etc/deployment-apps/

How to set them up is shown by various documentation

View solution in original post

koshyk · ‎05-16-2017

First of all, I wouldn't put all config items into a single app. I would put into multiple apps
1. Inputs which is used for collections only. Need to send to ONLY forwarders
2. addon which contains all the brain (eg extractions, regex logic, transformations etc.). deploy to Search Head cluster, Heavy forwarders & Indexers
3. DA/TA which contains the dashboard and front-end stuff - deploy only to Search Heads

Then for distributed deployment
- You need deployer to deploy to Search Head cluster. Just copy the apps to $SPLUNK_HOME/etc/shcluster/apps/ in the deployer and do a bundle deploy
- You need a cluster master to deploy to Indexer cluster. Copy the required TA's/addons to $SPLUNK_HOME/etc/master-apps/ and do a bundle deploy to indexer slaves
- For forwarders/HF , you can use deployment-server $SPLUNK_HOME/etc/deployment-apps/

How to set them up is shown by various documentation

guru865 · ‎09-08-2019

@koshyk . I think you meant deployer instead of - You need Deployer to deploy apps to Search Head cluster. Just copy the apps to $SPLUNK_HOME/etc/shcluster/apps/ in the deployer and do a bundle deploy

koshyk · ‎09-09-2019

Thanks @guru865 . My mistake . I've amended accordingly. Upvoted for pointing out the mistake

dineshraj9 · ‎05-15-2017

I think you should read the Distributed Deployment Manual - http://docs.splunk.com/Documentation/Splunk/6.5.3/Deploy/Distributedoverview

This will help you understand how to configurations are to be deployed in clustered and non-clustered environments.

How to deploy application in cluster environment?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Join the Conversation