Issues with deployment updating apps

bshuford · ‎07-12-2010

I am trying to setup a deployment server for all of my other forwarders on the network. I am trying to test to see if the deployment is working correctly so I put an updated copy of the search app in the etc/deployment-apps folder. I unarchived the file and put that folder in the deployment-apps folder. I cant seem to get the updated version sent out to my other forwarders. There are no firewall issues and I am going from a windows server to another windows server as a test before I add my other linux and windows servers to the client list. Here are my configs:

Deployment Server:

[Global]
repositoryLocation = C:\Program Files\Splunk\etc\apps
continueMatching = True
restartSplunkd = True
blacklist.0 = *

[serverClass:AppsByMachine]
filterType = whitelist
repositoryLocation = C:\Program Files\Splunk\etc\deployment-apps
whitelist = enabled
whitelist.0 = IP Address
whitelist.1 = IP Address

[serverClass:AppsByMachineType:app:Search]
machineTypes = windows-intel
stateOnClient = enabled

Deployment Client:

[deployment-client]
disabled = false
workingDir = $SPLUNK_HOME/var/run/deploy-client
serverEndpointPolicy = acceptAlways

[target-broker:deploymentServer]
targetUri= IP Address:Port

Both config files are in the correct place on each server. Why isn't this working?

ftk · ‎09-21-2010

I would begin troubleshooting this by removing the repositoryLocation = C:\Program Files\Splunk\etc\apps line from the [global] stanza.

Also keep in mind that machineTypes only gets applied if no clients are matched via white/blacklist filters (see docs). The whitelist settings in [serverClass:AppsByMachine] may interfere with this.

snowmizer · ‎07-12-2010

Maybe this sample can help? I'm not using every option you are above but the basics may help.

[global] whitelist.0=*

[serverClass:lightforwarders] whitelist.0=*

[serverClass:lightforwarders:app:SplunkLightForwarder] machine-type=windows-intel stateOnClient=enabled restartSplunkd=true

[serverClass:winEvt] whitelist.0=*

[serverClass:winEvt:app:winEvt] machine-type=windows-intel stateOnClient=enabled restartSplunkd=true

[serverClass:winEvt:app:winEvtDC] whitelist.0= whitelist.1= stateOnClient=enabled restartSplunkd=true

gkanapathy · ‎12-01-2010

You should look into enabling DEBUG level logging of DeploymentClient class using the CLI, then see what the client is being told his classes should be in splunkd.log: http://www.splunk.com/base/Documentation/4.1.6/Admin/ContactSupport#Enable_debug_messages_from_the_C...

You can also enable DEBUG on the DeploymentServer class on the server.

bshuford · ‎07-12-2010

That did not seem to work. It didn't seem to do anything. I have just looked on the deployment server under the deployment server class status and see that under applications that there is only a little rectangle, and no actual apps, if that helps.

snowmizer · ‎07-12-2010

Looks like my config didn't come across completely:

[global]
whitelist.0=*

[serverClass:lightforwarders]
whitelist.0=*

[serverClass:lightforwarders:app:SplunkLightForwarder]
machine-type=windows-intel
stateOnClient=enabled
restartSplunkd=true

[serverClass:winEvt]
whitelist.0=*

[serverClass:winEvt:app:winEvt]
machine-type=windows-intel
stateOnClient=enabled
restartSplunkd=true

[serverClass:winEvt:app:winEvtDC]
whitelist.0=abc.mydomain.com
whitelist.1=def.mydomain.com
stateOnClient=enabled
restartSplunkd=true

Issues with deployment updating apps

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!