How do you handle the fact that apps like Splunk_TA_nix
and Splunk_TA_windows
have relative paths like [script://./bin/df.sh]
that will not resolve correctly when deployed by the Cluster Master via master-apps
to slave-apps
on the indexer and results in failure to run and errors like this:
04-18-2020 18:07:11.694 -0400 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/Splunk_TA_nix/bin/df.sh" /bin/sh: /opt/splunk/etc/apps/Splunk_TA_nix/bin/df.sh: No such file or directory
What compounds it is that we also send these same apps to our UFs where they work fine as-is. Obviously the problem is that the relative path resolution code in splunkd
is hard-coded to use $SPLUNK_HOME/etc/apps
and with cluster master
the apps are in $SPLUNK_HOME/etc/slave-apps/
. It looks like Splunk may never fix it to be smarter, so we have to accommodate both ways. We are looking for the most portable and lightweight method. I can think of (and have tried) at least 3 ways but I don't really like any of them. What do you do? Is there any way to use the same inputs.conf
file for Clustered Indexers and other nodes?
I have the wrapper script have some knowledge of the possibility it may be in a different place. For example:
APPBASEDIR="${SPLUNK_HOME}/etc/apps/my_app_name"
# masters push out apps to etc/slave-apps on indexers
APPBASEDIRSLAVE="${SPLUNK_HOME}/etc/slave-apps/my_app_name"
...
if [[ ! -e ${APPBASEDIR} ]]; then
log "Not deployed to ${APPBASEDIR}; checking for indexer deployment"
if [[ -e ${APPBASEDIRSLAVE} ]]; then
log "Updating basedir"
APPBASEDIR=${APPBASEDIRSLAVE}
else
log "Unable to find deployment."
exit 1
fi
fi
Hi @woodcock,
Since all these inputs are disabled by default, in any case, you will need to create an inputs.conf file to enable them. I would edit the script path while creating inputs in the app (i.e. org_all_indexers_inputs ) that I create for input settings for indexers.