Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Apps that are installed on a deployment client running a universal forwarder (From Distributed SH)

koshyk
Super Champion
‎08-15-2017 06:20 AM

As per somesoni2 answer in https://answers.splunk.com/answers/426786/is-there-a-way-to-get-a-list-of-splunk-apps-that-a-1.html (which works perfectly) from a deployment server Manager, it is NOT working for a search member of the cluster. I have tried putting physical splunk deployment server too, but still no luck. Is there a way to query REST endpoint of another splunk tier via UI? something like ..

| rest /services/deployment/server/clients splunk_server=my_deployment_manager

The reason for this is to provide UI self catering capability for customers so they can check the status of Apps and they don't have access to Master servers. Any tricks/tips which can make this information from Search Head members (SHC) in a cluster would be highly appreciated.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

masonmorales
Influencer
‎08-15-2017 10:34 AM

To use the rest command in Splunk Web against a remote system, the remote system needs to be a part of the local system's distributed search configuration. Try adding the deployment server as a search peer on your search heads.

Docs:
http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Configureclusteredandnonclusteredsearch
http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/Connectclustersearchheadstosearchpeers...

Yes, the second link says, "Search head cluster with non-clustered indexers", but it's the same process for searching (with the REST command, or otherwise) any non-clustered Splunk host (e.g. DS) from the search head cluster.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

masonmorales
Influencer
‎08-15-2017 10:34 AM

To use the rest command in Splunk Web against a remote system, the remote system needs to be a part of the local system's distributed search configuration. Try adding the deployment server as a search peer on your search heads.

Docs:
http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Configureclusteredandnonclusteredsearch
http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/Connectclustersearchheadstosearchpeers...

Yes, the second link says, "Search head cluster with non-clustered indexers", but it's the same process for searching (with the REST command, or otherwise) any non-clustered Splunk host (e.g. DS) from the search head cluster.

0 Karma
Reply
Solved! Jump to solution

koshyk
Super Champion
‎08-16-2017 03:27 AM

I agree to that. But my SHC is part of the distributed Search Head cluster already. But it is only a Search Member (not the master itself)

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top