Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Splunk Apps that are installed on a deployment client running a universal forwarder (From Distributed SH)

koshyk
Super Champion
‎08-15-2017 06:20 AM

As per somesoni2 answer in https://answers.splunk.com/answers/426786/is-there-a-way-to-get-a-list-of-splunk-apps-that-a-1.html (which works perfectly) from a deployment server Manager, it is NOT working for a search member of the cluster. I have tried putting physical splunk deployment server too, but still no luck. Is there a way to query REST endpoint of another splunk tier via UI? something like ..

| rest /services/deployment/server/clients splunk_server=my_deployment_manager

The reason for this is to provide UI self catering capability for customers so they can check the status of Apps and they don't have access to Master servers. Any tricks/tips which can make this information from Search Head members (SHC) in a cluster would be highly appreciated.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

masonmorales
Influencer
‎08-15-2017 10:34 AM

To use the rest command in Splunk Web against a remote system, the remote system needs to be a part of the local system's distributed search configuration. Try adding the deployment server as a search peer on your search heads.

Docs:
http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Configureclusteredandnonclusteredsearch
http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/Connectclustersearchheadstosearchpeers...

Yes, the second link says, "Search head cluster with non-clustered indexers", but it's the same process for searching (with the REST command, or otherwise) any non-clustered Splunk host (e.g. DS) from the search head cluster.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

masonmorales
Influencer
‎08-15-2017 10:34 AM

To use the rest command in Splunk Web against a remote system, the remote system needs to be a part of the local system's distributed search configuration. Try adding the deployment server as a search peer on your search heads.

Docs:
http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Configureclusteredandnonclusteredsearch
http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/Connectclustersearchheadstosearchpeers...

Yes, the second link says, "Search head cluster with non-clustered indexers", but it's the same process for searching (with the REST command, or otherwise) any non-clustered Splunk host (e.g. DS) from the search head cluster.

0 Karma
Reply
Solved! Jump to solution

koshyk
Super Champion
‎08-16-2017 03:27 AM

I agree to that. But my SHC is part of the distributed Search Head cluster already. But it is only a Search Member (not the master itself)

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...