Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why do we see apps on the forwarder which are not on the deployment server?

danielbb
Motivator
‎07-12-2021 03:09 PM

We see on the UF -

 

 

 

/opt/splunkforwarder/etc/apps
$ \ls -tlr
total 48
drwxr-xr-x   4 splunk   splunk         4 Apr 15  2019 SplunkUniversalForwarder
drwxr-xr-x   4 splunk   splunk         4 Apr 15  2019 introspection_generator_addon
drwxr-xr-x   4 splunk   splunk         4 Apr 15  2019 search
drwxr-xr-x   3 splunk   splunk         3 Apr 15  2019 splunk_httpinput
drwxr-xr-x   5 splunk   splunk         5 Apr 15  2019 learned

 

 

 

 

These apps are not on the deployment server and they interfere with the configurations on the forwarder.

Why are they there and what can be done to remove them?

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎07-12-2021 05:47 PM

Hi @danielbb 

These are default apps they come along with UF installation, if you wanted to remove them you might end up having issues as some of default/ conf files getting used by forwarder. There is no docs around what are default apps and their purpose.

If the apps in your DS are conflicting then you shall rename them on DS, i would not modify the names of these default apps on forwarder but you give a try and see the impact with full backup on before.

--

An upvote would be appreciated if this reply helps!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎07-12-2021 05:47 PM

Hi @danielbb 

These are default apps they come along with UF installation, if you wanted to remove them you might end up having issues as some of default/ conf files getting used by forwarder. There is no docs around what are default apps and their purpose.

If the apps in your DS are conflicting then you shall rename them on DS, i would not modify the names of these default apps on forwarder but you give a try and see the impact with full backup on before.

--

An upvote would be appreciated if this reply helps!

0 Karma
Reply
Get Updates on the Splunk Community!

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...