Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What is the preferred way to remove a deployed application on a host?

lisaac
Path Finder
‎04-12-2010 05:01 PM

I have deployed an application via the deployment server. What is the preferred way to remove an app from a deployment client? It appears that the action can be completed by updating the whitelist or blacklist for the server class.

Tags (1)
0 Karma
Reply

Lowell
Super Champion
‎04-12-2010 07:23 PM

Chris R has a good approach if you are dealing with custom apps. However, if you are trying to disable built-in apps, such as SplunkForwarder or sample_app, you should consider disabling these apps instead of removing them. The reason being is that next time you install a Splunk upgrade, these apps will get re-installed and will be enabled again if you only removed the app folder.

One approach to wiping out an app is to create an empty app folder with nothing but the local/app.conf file, with the following content:

[install]
state = disabled
Reply

ben_leung
Builder
‎07-08-2014 06:12 PM

This disables the app? Or does it remove the custom app folder from the deployment clients as well?

0 Karma
Reply

Chris_R_
Splunk Employee
Splunk Employee
‎04-12-2010 05:20 PM

The app can simply be removed by deleting the contents of $SPLUNK_HOME/apps/< appname > on the client

You will of course have to remove the entry on your deployment server so the app does not get deployed again. Check in your $SPLUNK_HOME/etc/system/local/serverclass.conf which deploys that app to the client.

Look for the hostname or ip, something like

[serverClass:myapp1]
whitelist.0=hostname.*
...other stuff...
[serverClass:myapp1:app:myapp1_inputs]
restartSplunkd = true

Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

&#x1f5e3; You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...