Deployment Architecture

What happens to deployed apps on deployment clients when phoning home and doesn't find serverclass configs for a whitelisted IP?

splunker12er
Motivator

What happens to the deployed apps on the deployment clients when it phones home and doesn't find the serverclass configs for that IP address? Or the configs/apps exist, but the whitelist IP is removed?

Will it remove the deployed apps & configs on the client?

0 Karma

Runals
Motivator

Yes, if a client once matched a stanza in your serverclass.conf file and no longer does, the app(s) associated with that stanza will be removed. Here is one of my favorite-est admin searches to see when apps are installed or removed on endpoints. It was initially built back in the olden days of 5.x, so as the forwarder environment migrated to 6.x I wanted to see that. I should reverse the emphasis to highlight remaining 5.x forwarders.

index=_internal sourcetype=splunkd deployedapplication (removing OR installing OR uninstalling) NOT "removing app at location"
| rex "DeployedApplication - (?<Action>\S+)\sapp(\=|\S+\s)(?<App>\S+)"
| eval Action = case(Action="Removing" , "Removing" , Action="Uninstalling" , "Removing" , Action="Installing" , "Installing" , 1=1,"Fix me")
| rex "(Removing|Installing) app=(?<Version>\S+)"
| eval Version = if(isnull(Version),"5x","-= 6x =-")
| dedup _time host Action App Version
| table _time host Action App Version
| sort -_time

0 Karma

mtranchita
Communicator

If I follow your question right…
When an app on a deployment client is managed by the deployment server and the client no longer matches the serverclass, or the app is removed from the deployment server repository, then the app will be removed from the deployment client.

0 Karma
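
The removal behaviour described in the answers above, turned into a pre-change check; this is an added example, not part of the original thread and not Splunk's own code. It compares two versions of serverclass.conf and lists, per client IP, the apps that were mapped before the edit and are not mapped after it. It assumes a simplified matching model (only server-class-level whitelist.N/blacklist.N entries, matched against the client IP with `*` wildcards), and the server class name, app names and IPs are constructed.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample configs; server class, app names and IPs are hypothetical.
BEFORE = """
[serverClass:linux_fwd]
whitelist.0 = 10.1.2.*
whitelist.1 = 10.9.0.15
[serverClass:linux_fwd:app:outputs_prod]
[serverClass:linux_fwd:app:TA_nix]
"""
# Same file after an admin drops the single-host whitelist entry.
AFTER = BEFORE.replace("whitelist.1 = 10.9.0.15\n", "")

def parse(conf_text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    return cp

def patterns(section, kind):
    # Collects whitelist.0, whitelist.1, ... (configparser lowercases keys).
    return [v for k, v in section.items() if k.startswith(kind + ".")]

def apps_for(cp, client_ip):
    """Apps mapped to a client under the simplified matching model."""
    apps = set()
    for stanza in cp.sections():
        parts = stanza.split(":")
        if len(parts) != 4 or parts[0] != "serverClass" or parts[2] != "app":
            continue
        sc_name = "serverClass:" + parts[1]
        if not cp.has_section(sc_name):
            continue
        sc = cp[sc_name]
        allowed = any(fnmatchcase(client_ip, p) for p in patterns(sc, "whitelist"))
        denied = any(fnmatchcase(client_ip, p) for p in patterns(sc, "blacklist"))
        if allowed and not denied:  # a blacklist match takes precedence
            apps.add(parts[3])
    return apps

def removals(before_text, after_text, client_ips):
    """Per client IP, apps mapped before the change but not after it."""
    before, after = parse(before_text), parse(after_text)
    lost = {ip: sorted(apps_for(before, ip) - apps_for(after, ip)) for ip in client_ips}
    return {ip: apps for ip, apps in lost.items() if apps}

if __name__ == "__main__":
    for ip, apps in removals(BEFORE, AFTER, ["10.1.2.7", "10.9.0.15"]).items():
        print(f"{ip}: would lose {', '.join(apps)}")
```

Running it against the current and proposed files with a list of known client IPs shows which endpoints would have apps removed at their next phone-home, before the change is deployed.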