Deployment Architecture

Splunk Apps that are installed on a deployment client running a universal forwarder (From Distributed SH)

koshyk
Super Champion

As per somesoni2 answer in https://answers.splunk.com/answers/426786/is-there-a-way-to-get-a-list-of-splunk-apps-that-a-1.html (which works perfectly) from a deployment server Manager, it is NOT working for a search member of the cluster. I have tried putting physical splunk deployment server too, but still no luck. Is there a way to query REST endpoint of another splunk tier via UI? something like ..

| rest /services/deployment/server/clients splunk_server=my_deployment_manager

The reason for this is to provide UI self catering capability for customers so they can check the status of Apps and they don't have access to Master servers. Any tricks/tips which can make this information from Search Head members (SHC) in a cluster would be highly appreciated.

0 Karma
1 Solution

masonmorales
Influencer

To use the rest command in Splunk Web against a remote system, the remote system needs to be a part of the local system's distributed search configuration. Try adding the deployment server as a search peer on your search heads.

Docs:
http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Configureclusteredandnonclusteredsearch
http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/Connectclustersearchheadstosearchpeers...

Yes, the second link says, "Search head cluster with non-clustered indexers", but it's the same process for searching (with the REST command, or otherwise) any non-clustered Splunk host (e.g. DS) from the search head cluster.

View solution in original post

0 Karma

masonmorales
Influencer

To use the rest command in Splunk Web against a remote system, the remote system needs to be a part of the local system's distributed search configuration. Try adding the deployment server as a search peer on your search heads.

Docs:
http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Configureclusteredandnonclusteredsearch
http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/Connectclustersearchheadstosearchpeers...

Yes, the second link says, "Search head cluster with non-clustered indexers", but it's the same process for searching (with the REST command, or otherwise) any non-clustered Splunk host (e.g. DS) from the search head cluster.

0 Karma

koshyk
Super Champion

I agree to that. But my SHC is part of the distributed Search Head cluster already. But it is only a Search Member (not the master itself)

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...