Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Apps that are installed on a deployment client running a universal forwarder (From Distributed SH)

koshyk
Super Champion
‎08-15-2017 06:20 AM

As per somesoni2 answer in https://answers.splunk.com/answers/426786/is-there-a-way-to-get-a-list-of-splunk-apps-that-a-1.html (which works perfectly) from a deployment server Manager, it is NOT working for a search member of the cluster. I have tried putting physical splunk deployment server too, but still no luck. Is there a way to query REST endpoint of another splunk tier via UI? something like ..

| rest /services/deployment/server/clients splunk_server=my_deployment_manager

The reason for this is to provide UI self catering capability for customers so they can check the status of Apps and they don't have access to Master servers. Any tricks/tips which can make this information from Search Head members (SHC) in a cluster would be highly appreciated.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

masonmorales
Influencer
‎08-15-2017 10:34 AM

To use the rest command in Splunk Web against a remote system, the remote system needs to be a part of the local system's distributed search configuration. Try adding the deployment server as a search peer on your search heads.

Docs:
http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Configureclusteredandnonclusteredsearch
http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/Connectclustersearchheadstosearchpeers...

Yes, the second link says, "Search head cluster with non-clustered indexers", but it's the same process for searching (with the REST command, or otherwise) any non-clustered Splunk host (e.g. DS) from the search head cluster.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

masonmorales
Influencer
‎08-15-2017 10:34 AM

To use the rest command in Splunk Web against a remote system, the remote system needs to be a part of the local system's distributed search configuration. Try adding the deployment server as a search peer on your search heads.

Docs:
http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Configureclusteredandnonclusteredsearch
http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/Connectclustersearchheadstosearchpeers...

Yes, the second link says, "Search head cluster with non-clustered indexers", but it's the same process for searching (with the REST command, or otherwise) any non-clustered Splunk host (e.g. DS) from the search head cluster.

0 Karma
Reply
Solved! Jump to solution

koshyk
Super Champion
‎08-16-2017 03:27 AM

I agree to that. But my SHC is part of the distributed Search Head cluster already. But it is only a Search Member (not the master itself)

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...