Deployment Architecture

What happens to deployed apps on deployment clients when phoning home and doesn't find serverclass configs for a whitelisted IP?


What happens to the deployed apps in the deployments-clients when it phones home and doesn't find the serverclass configs for that IP address? OR the configs/apps exist, but the whitelist IP is removed?

Will it remove the deployed apps & configs on the client ?

0 Karma


Yes if a client once matched a stanza in your serverclass.conf file and no longer does the app(s) associated with that stanza will be removed. Here is one of my favorite-est admin searches to see when apps are installed or removed on endpoints. It was initially built back in the olden days of 5.x so as the forwarder environment migrated to 6.x I wanted to see that. I should reverse the emphasis to highlight remaining 5.x forwarders.

index=_internal sourcetype=splunkd deployedapplication (removing OR installing OR uninstalling) NOT "removing app at location" | rex "DeployedApplication - (?<Action>\S+)\sapp(\=|\S+\s)(?<App>\S+)" | eval Action = case(Action="Removing" , "Removing" , Action="Uninstalling" , "Removing" , Action="Installing" , "Installing" , 1=1,"Fix me") | rex "(Removing|Installing) app=(?<Version>\S+)" | eval Version = if(isnull(Version),"5x","-= 6x =-") | dedup _time host Action App Version | table _time host Action App Version | sort -_time
0 Karma


If I follow your question right…
When an app on a deployment client is managed by the deployment server and the client no longer matches the serverclass or the app is removed from the deployment server repository then the app will be removed from the deployment client.

0 Karma