I just completed building a clustered splunk environment. it currently includes a search, 2 indexers, a master node and universal forwarder. my question is- how do i install and configure apps within the cluster. specifically I am looking into the google maps plugin, probably twitter and several others. how is this done? do i install the app on the master and have it replicate to the nodes, or do i need to install the app on each server? ideally i think it would be spread out- the forwarder inputs the (example) twitter data, indexers store the data, search displays the data. how can i make sure the app functions properly like this?
Ran out of comment room. 🙂
No, I believe they need to be untared. Same principal as a deployment server. There will be settings that you need to set prior to the apps being deployed. Not all the nodes in a distributed environment need the same files, you will notice that there are some apps call TA's. These would mainly be the files needed for an indexer or a forwarder. An example would be the indexers and forwarders do not need to know about the web interface configuration files. You could put an exact copy of each app on all nodes. But all the configuration files will be used and only take up space.
As stated before, the local configurations will need to be done before deployment of the app. An example of this would be on a deployment server. You would create the app. Create the local settings that you need set and prepare the app for deployment, then edit the serverclass.conf file to add that app and to whom it should go to. With a deploy-server reload when the nodes check back in the server will then send the new app to those that need the app.
thank you for the link to that document. it was a big help. i still have a few questions about loading apps:
-in the master-apps directory, do i place the .tgz file in there, or should it be in another format?
-because of the web interface, would the google maps app be installed directly into the search head?
-the twitter app requires some configuration (creds to your twitter account), how would this be pre-configured prior to peer deployment?