Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why do we see apps on the forwarder which are not on the deployment server?

danielbb
Motivator
‎07-12-2021 03:09 PM

We see on the UF -

 

 

 

/opt/splunkforwarder/etc/apps
$ \ls -tlr
total 48
drwxr-xr-x   4 splunk   splunk         4 Apr 15  2019 SplunkUniversalForwarder
drwxr-xr-x   4 splunk   splunk         4 Apr 15  2019 introspection_generator_addon
drwxr-xr-x   4 splunk   splunk         4 Apr 15  2019 search
drwxr-xr-x   3 splunk   splunk         3 Apr 15  2019 splunk_httpinput
drwxr-xr-x   5 splunk   splunk         5 Apr 15  2019 learned

 

 

 

 

These apps are not on the deployment server and they interfere with the configurations on the forwarder.

Why are they there and what can be done to remove them?

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎07-12-2021 05:47 PM

Hi @danielbb 

These are default apps they come along with UF installation, if you wanted to remove them you might end up having issues as some of default/ conf files getting used by forwarder. There is no docs around what are default apps and their purpose.

If the apps in your DS are conflicting then you shall rename them on DS, i would not modify the names of these default apps on forwarder but you give a try and see the impact with full backup on before.

--

An upvote would be appreciated if this reply helps!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎07-12-2021 05:47 PM

Hi @danielbb 

These are default apps they come along with UF installation, if you wanted to remove them you might end up having issues as some of default/ conf files getting used by forwarder. There is no docs around what are default apps and their purpose.

If the apps in your DS are conflicting then you shall rename them on DS, i would not modify the names of these default apps on forwarder but you give a try and see the impact with full backup on before.

--

An upvote would be appreciated if this reply helps!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...