Deployment Architecture

Promoting to App level in deployed App

Jason
Motivator

Say I use deployment server to deploy an App (with user interface) to a search head, and a user uses it, creates a search, and promotes it to App level to share with others.

Does this search, now in the App folder for the deployment server-managed App, soon disappear because it makes the App folder have a different checksum than on the deployment server, thus downloading and reinstalling the App (and possibly rebooting the Search Head)?

Something tells me any App deployed to a search head should not allow object promotion into it, unless Splunk handles this magically somehow.

1 Solution

gkanapathy
Splunk Employee
Splunk Employee

Correct, if a deployment server managed app is changed (by promotion, or by changing permissions, or anything) it will be reverted back to the original DS managed version. probably it makes sense to make sure that no-one can create items in DS managed apps, perhaps by putting into metadata/local.meta of the app:

[]
access = write : [] , read : [ * ]

for example.

View solution in original post

gkanapathy
Splunk Employee
Splunk Employee

Correct, if a deployment server managed app is changed (by promotion, or by changing permissions, or anything) it will be reverted back to the original DS managed version. probably it makes sense to make sure that no-one can create items in DS managed apps, perhaps by putting into metadata/local.meta of the app:

[]
access = write : [] , read : [ * ]

for example.

Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...