Deployment Architecture

Urgent !! First time deployment app creation struggle

sushmitha_mj
Communicator

URGENT!!
For creating an app to
1. Monitor a path lets say /abc/def in a server where forwarder is located
2. Pick data if the file is of a certain name and certain type
3. Load the data into splunk
Note: the splunk root and the forwarders are on different location

What are all the files that I should write or is there like app.conf, inputs.conf etc ?
Which ones(files) come as default if I create this APP DIRECTORY and tie it into the class?
Or should I manually create all the files that should go into this app directory?
Is there any sample script that you can share?

Tags (2)
0 Karma
1 Solution

woodcock
Esteemed Legend

Just create your configuration files as you normally would then choose an app name such as myapp and put your files underneath that in the default directory so that you have files like this on your Deployment Server:

$SPLUNK_HOME/etc/deployment-apps/myapp/default/inputs.conf

Then use the Web GUI on your DS to create a serverclass for this that maps various forwarder IP addresses to receive this myapp app. Once you do all this, myapp will automatically deploy to all your forwarders.

View solution in original post

woodcock
Esteemed Legend

Just create your configuration files as you normally would then choose an app name such as myapp and put your files underneath that in the default directory so that you have files like this on your Deployment Server:

$SPLUNK_HOME/etc/deployment-apps/myapp/default/inputs.conf

Then use the Web GUI on your DS to create a serverclass for this that maps various forwarder IP addresses to receive this myapp app. Once you do all this, myapp will automatically deploy to all your forwarders.

View solution in original post

maciep
Champion

I'm not quite sure what you're asking, but it sounds like you want to know how to use a deployment-server. If that's the case, here's a quick overview.

First off, are your forwarders reporting to the deployment server? If not, then they will need the deploymentclient.conf configured on them.

And then yes, create the app folder under $splunk_home$/etc/deploment-apps. Each app should live in the root of that directory. Each app should at least have a local folder and probably a metadata folder too. The local folder is where you'd create a simple app.conf and your inputs.conf (and any other conf files you might need there). Apps are always created here manually. Once created, they will show up in splunk web.

So once your app is created there, you can head into splunk web and go to the forwarder management page. From there you can create a new server class. Server classes consist of apps and clients. The clients that belong to a server class, will have the apps in that server class deployed to them. So you would want to add your app and client to the new server class.

Since it's a new app, the forwarder should download it next time it checks in. If you were making changes to an app, you'd want to run "splunk reload deploy-server" on the deployment server after updating the app.

That's it in a nutshell, but don't forget to the read the docs because there are a lot of moving parts
http://docs.splunk.com/Documentation/Splunk/latest/Updating/Createdeploymentapps

vincenteous
Communicator

If you're not sure on what to do in creating deployment apps, I suggest you create a dummy app from your Splunk enterprise instance and then copy the apps's skeleton to $SPLUNK_HOME/etc/deployment-apps directory. The skeleton should provide you with all of the necessary .conf files.

.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!