Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to test if directory exists then push app from deployment server?

Mr
Loves-to-Learn Lots
‎08-01-2022 10:29 AM

I'm curious what the best way to test if a directory exists on a server (Windows/ NIX*) and if it exists have the deployment server push the appropriate app out to the given server to pick up the logs.

I've been told that it's best not to just push out all apps to all servers, so I'm trying to more selective.

At the moment we run a script (bash, powershell) on the local server with Splunk and then create custom inputs.conf files to have them send the logs we need. However, this prevents the deployment server from managing those apps.

I'm curious if there's a better way to do this? So we can manage the apps through the deployment server and don't have these one off scenarios that we have to document, so others know about them.

Labels (2)
0 Karma
Reply

dural_yyz
Communicator
‎08-03-2022 12:04 AM

I understand that your end goal is full automation from server reporting folder structure exists to DS ensuring appropriate app to monitor is deployed to that UF.  That level of automation would only be possible to my knowledge with some heavy in house development.

In the interim you could build a single app destined for all UF's which simply scripts and logs a check folder exists flag for each of your target folder structures.  Match that log against last known event from that host from that folder/log file.  If time delta exceeds an acceptable limit then alert/report to someone capable of validating if host has appropriate app assigned in server class.  Add the app where required or investigate lack of ingestion.

It is not the solution you want but it would appear to be a compromise.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-01-2022 11:47 AM

Deployment Servers do not *push* apps to clients.  Clients ask the DS what apps they should have and download those that are missing or changed.

The DS controls which apps go to which clients by way of server classes.  I agree there's rarely need to push apps to all clients, but we already have the means to be selective.  Define your serverclasses such that only clients that need a given app get it.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

Mr
Loves-to-Learn Lots
‎08-01-2022 01:07 PM

Thank you for the clarification. However, we don't know which servers have these directories, so we have to check and then we're trying to find a way to update the server class when they have those directories.

We're hoping there's a better way, possibly through an API call? Or some other means we're not aware of.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-01-2022 05:36 PM

I forgot to mention in my last reply that there's little harm in monitoring a directory that doesn't exist.  If it should ever exist in the future, you're covered!

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...