I am looking for a Splunk configuration setting that allows the cluster master to push cluster bundles (asynchronously) to peers.
Currently, I have the apps folder syncing from git to the Deployment server every 15 mins and then propagated to the Clustermaster (etc/master-apps). Then, I have to run splunk apply cluster-bundle every time I have to push to Indexers (peers). There is the possibility of peers restarting if certain configurations are updated in indexes.conf, but that is very rare in my setup.
Does anyone know of a Splunk CM setting that applies cluster bundles whenever there is a change detected?
There is no mechanism to do this automatically. Changes to the CM's master-apps should be infrequent.
You could apply the changes in the folder, via copy or sync, and then hit a REST endpoint to apply the bundle as part of your script...
curl -k -u admin:changeme https://localhost:8089/services/cluster/master/control/control/apply -d skip-validation=true -X POST
This seems to work, even though undocumented...
First, I will say that I am not aware of such a configuration and would love to know if one exists; however, it seems like something that is pretty straightforward to script. With that being said, what is the drive behind that need?
I find that CM changes to indexers, even in a very active environment, do not happen very often. I also find the CM mechanism of detecting bad configurations and warning about them very helpful and not something I would like to bypass (although if you script it, you can tell it to let you know if that flag is raised).
Hope it helps a little.
Thanks adonio for your reply. Yes, Indexer apps do not change very often, but I wanted to know if there is a straightforward way of doing it. I already have "sync_bundle_replication" set to auto as per defaults. I see that async bundle replication happens when I apply, but I wanted that apply to be automated.
I hope someone from Splunk replies or updates the documentation, if this can or cannot be done.
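The scripted approach discussed in the answers (sync into master-apps, then apply only when something actually changed), as an added example that is not code from any poster or from Splunk. The paths, the state-file location and the function names are assumptions, and the Splunk CLI is assumed to be already authenticated for the user running the script. It leaves bundle validation on rather than skipping it.

```bash
#!/usr/bin/env bash
# Added example: apply the cluster bundle only when master-apps has changed.
# Assumed, not from the thread: default paths, state file, function names.
set -u

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
SPLUNK_BIN="${SPLUNK_BIN:-$SPLUNK_HOME/bin/splunk}"
MASTER_APPS="${MASTER_APPS:-$SPLUNK_HOME/etc/master-apps}"
STATE_FILE="${STATE_FILE:-$SPLUNK_HOME/var/run/master-apps.sha256}"

# One digest over every file path and file content below the directory,
# so edits, additions, deletions and renames all change the result.
bundle_fingerprint() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z \
        | xargs -0 -r sha256sum | sha256sum | cut -d' ' -f1 )
}

# Returns 0 when the bundle was applied, 1 on failure, 2 when unchanged.
apply_if_changed() {
    local current previous=""
    current="$(bundle_fingerprint "$MASTER_APPS")" || return 1
    [ -f "$STATE_FILE" ] && previous="$(cat "$STATE_FILE")"
    if [ "$current" = "$previous" ]; then
        return 2
    fi
    # No --skip-validation here: the CM still checks the bundle, and a
    # non-zero exit from the CLI leaves the state file untouched.
    if "$SPLUNK_BIN" apply cluster-bundle --answer-yes; then
        printf '%s\n' "$current" > "$STATE_FILE"
        return 0
    fi
    echo "apply cluster-bundle failed; state not updated, will retry" >&2
    return 1
}

# Executed as "script.sh run" from cron after the git sync; without the
# argument the file only defines the functions.
if [ "${1:-}" = "run" ]; then
    apply_if_changed
    rc=$?
    if [ "$rc" -eq 2 ]; then rc=0; fi   # "no change" is not an error
    exit "$rc"
fi
```

Because the fingerprint is only saved after a successful apply, a rejected bundle is retried on the next run instead of being silently marked as deployed.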