Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why does authorize.conf reside on the default directory of the search head?

ddrillic
Ultra Champion
‎11-30-2017 10:09 AM

On the deployer server we have the authorize.conf under /opt/splunk/etc/shcluster/apps/key_all_authentication/local. On the SH it ends up at /opt/splunk/etc/apps/key_all_authentication/default. Why under default?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

harsmarvania57
Ultra Champion
‎11-30-2017 10:26 AM

Hi @ddrillic,

Please refer this https://docs.splunk.com/Documentation/Splunk/7.0.0/DistSearch/PropagateSHCconfigurationchanges#App_c... , when deployer push app configuration it merge both local and default directory and place the configuration in default directory on Cluster Member.

I hope this helps.

Thanks,
Harshil

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

harsmarvania57
Ultra Champion
‎11-30-2017 10:26 AM

Hi @ddrillic,

Please refer this https://docs.splunk.com/Documentation/Splunk/7.0.0/DistSearch/PropagateSHCconfigurationchanges#App_c... , when deployer push app configuration it merge both local and default directory and place the configuration in default directory on Cluster Member.

I hope this helps.

Thanks,
Harshil

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎11-30-2017 12:07 PM

Gorgeous @harsmarvania57 !!!

It says -

-- When it deploys apps, the deployer places the app configurations in default directories on the cluster members.

-- The deployer never deploys files to the members' local app directories, $SPLUNK_HOME/etc/apps/<app_name>/local. Instead, it deploys both local and default settings from the configuration bundle to the members' default app directories, $SPLUNK_HOME/etc/apps/<app_name>/default. This ensures that deployed settings never overwrite local or replicated runtime settings on the members. Otherwise, for example, app upgrades would wipe out runtime changes.

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...