Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Why do the multiple deployment servers behind Load Balancers, have different checksum values?

sylim_splunk
Splunk Employee
Splunk Employee
‎02-27-2018 10:39 AM

We have 8 deployment servers. Since some time back we started to have symptoms like checksum mismatch in splunkd.log on the universal forwarders, which causes UF to keep downloading apps. It is certain that no changes has been made to those apps.
We are using crossServerChecksum = true as recommended in the answers link;

https://answers.splunk.com/answers/113792/multiple-deployment-servers-checksum-mismatch-among-instan...

But still, all deployment servers appear to have different checksums by looking at the logs in universal forwarders.

Reply
1 Solution
Solved! Jump to solution
Solution

sylim_splunk
Splunk Employee
Splunk Employee
‎02-27-2018 10:46 AM

As crossServerChecksum = true is configured, splunk will not consider timestamp or permissions of files in calculating checksums, there is no manual way of simulating the checksum calculation exactly as splunk does as of this writing but you can briefly check using md5 as below;

splunk cmd openssl md5 "tarball of the app"

Also make sure there is no hidden files or directories which can cause different checksums. Below has .git which caused different checksums.

-rw-r--r-- 1 support support 0 Jan 31 14:07 README.md
drwxr-xr-x 7 support support 4096 Feb 26 13:59 .git
drwxr-xr-x 2 support support 4096 Feb 26 13:59 auth
drwxr-xr-x 2 support support 4096 Feb 26 13:59 local

View solution in original post

Reply
Solved! Jump to solution
Solution

sylim_splunk
Splunk Employee
Splunk Employee
‎02-27-2018 10:46 AM

As crossServerChecksum = true is configured, splunk will not consider timestamp or permissions of files in calculating checksums, there is no manual way of simulating the checksum calculation exactly as splunk does as of this writing but you can briefly check using md5 as below;

splunk cmd openssl md5 "tarball of the app"

Also make sure there is no hidden files or directories which can cause different checksums. Below has .git which caused different checksums.

-rw-r--r-- 1 support support 0 Jan 31 14:07 README.md
drwxr-xr-x 7 support support 4096 Feb 26 13:59 .git
drwxr-xr-x 2 support support 4096 Feb 26 13:59 auth
drwxr-xr-x 2 support support 4096 Feb 26 13:59 local

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...