Urgent !! First time deployment app creation struggle

sushmitha_mj
Communicator

URGENT!!
For creating an app to
1. Monitor a path, let's say /abc/def, in a server where the forwarder is located
2. Pick data if the file is of a certain name and certain type
3. Load the data into Splunk
Note: the Splunk root and the forwarders are in different locations

What are all the files that I should write, or is there like app.conf, inputs.conf, etc.?
Which ones (files) come as default if I create this APP DIRECTORY and tie it into the class?
Or should I manually create all the files that should go into this app directory?
Is there any sample script that you can share?


woodcock
Esteemed Legend

Just create your configuration files as you normally would then choose an app name such as myapp and put your files underneath that in the default directory so that you have files like this on your Deployment Server:

$SPLUNK_HOME/etc/deployment-apps/myapp/default/inputs.conf

Then use the Web GUI on your DS to create a serverclass for this that maps various forwarder IP addresses to receive this myapp app. Once you do all this, myapp will automatically deploy to all your forwarders.

maciep
Champion

I'm not quite sure what you're asking, but it sounds like you want to know how to use a deployment-server. If that's the case, here's a quick overview.

First off, are your forwarders reporting to the deployment server? If not, then they will need the deploymentclient.conf configured on them.

And then yes, create the app folder under $splunk_home$/etc/deployment-apps. Each app should live in the root of that directory. Each app should at least have a local folder and probably a metadata folder too. The local folder is where you'd create a simple app.conf and your inputs.conf (and any other conf files you might need there). Apps are always created here manually. Once created, they will show up in Splunk Web.

So once your app is created there, you can head into Splunk Web and go to the forwarder management page. From there you can create a new server class. Server classes consist of apps and clients. The clients that belong to a server class will have the apps in that server class deployed to them. So you would want to add your app and client to the new server class.

Since it's a new app, the forwarder should download it next time it checks in. If you were making changes to an app, you'd want to run "splunk reload deploy-server" on the deployment server after updating the app.

That's it in a nutshell, but don't forget to read the docs because there are a lot of moving parts:
http://docs.splunk.com/Documentation/Splunk/latest/Updating/Createdeploymentapps

vincenteous
Communicator

If you're not sure what to do in creating deployment apps, I suggest you create a dummy app from your Splunk Enterprise instance and then copy the app's skeleton to the $SPLUNK_HOME/etc/deployment-apps directory. The skeleton should provide you with all of the necessary .conf files.
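
A sample script for the app skeleton discussed in this thread, added here as an example and not written by any of the posters. It writes the conf files into the default directory as in the accepted solution. The file pattern (app_*.log), index, sourcetype and both function names are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: scaffold the deployment app described in this thread.
APP_NAME="myapp"                # app name used in the accepted answer
MONITOR_PATH="/abc/def"         # path from the question
FILE_REGEX='/app_[^/]*\.log$'   # assumed name and type: app_*.log
INDEX="main"                    # assumed index
SOURCETYPE="myapp_log"          # assumed (hypothetical) sourcetype

# Create <deployment-apps dir>/myapp with default/ and metadata/, print its path.
make_deployment_app() {
    app_dir="$1/$APP_NAME"
    mkdir -p "$app_dir/default" "$app_dir/metadata" || return 1
    cat > "$app_dir/default/app.conf" <<EOF
[install]
state = enabled

[ui]
is_visible = false
label = $APP_NAME
EOF
    # whitelist is a regex matched against the full file path; anchor it so
    # other files dropped into the directory are not ingested.
    cat > "$app_dir/default/inputs.conf" <<EOF
[monitor://$MONITOR_PATH]
whitelist = $FILE_REGEX
index = $INDEX
sourcetype = $SOURCETYPE
disabled = false
EOF
    cat > "$app_dir/metadata/default.meta" <<EOF
[]
access = read : [ * ], write : [ admin ]
export = system
EOF
    echo "$app_dir"
}

# Succeeds if the given full path matches the whitelist regex.
# grep -E stands in for Splunk's PCRE; equivalent for this simple pattern.
would_be_monitored() {
    printf '%s\n' "$1" | grep -Eq "$FILE_REGEX"
}

# Stand-alone use: sh scaffold.sh "$SPLUNK_HOME/etc/deployment-apps"
if [ -n "${1:-}" ]; then
    make_deployment_app "$1"
fi
```

Once the directory exists on the deployment server, the server class mapping and the "splunk reload deploy-server" step from the answers above still apply.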
