Deployment Architecture

Deploying dashboard apps, search apps (search phase), etc. in a clustered environment

Mag2sub
Path Finder

Looking to leverage index replication, but still unsure how to deploy apps with views and search-time apps to the participating indexers and search heads?

The online documentation suggests there are some limitations for cluster apps, in the sense that the knowledge bundle doesn't support search-time artifacts... so how does one actually achieve search-time apps in clustered environments? Confused... and I'd appreciate pointers, as I may be amiss on the caveats of cluster apps.

0 Karma

jkerai
Splunk Employee

Mag2sub, you may want to look at 6.0 as some of these limitations have been addressed.

0 Karma

adrianathome
Communicator

It depends on the app. Some of them will have to be installed on the search head only. Others will have components that go on the search peers and the search head.

I thought it was going to be an issue but it really isn't. I guess it can be inconvenient that on search peers you can use the bundle but the search head will need to be a manual install.

0 Karma

JeremeyWise
Explorer

I am going to glom onto this post and try to get better details than "depends" to the question. I understand that all outliers depend... but let's keep this simple.

*NIX app How do you do deployment across a cluster designed NSPOF:
4 x Indexer
1 x Cluster master
1 x Deployer / license server
3 x Search nodes in SH Cluster (VIP for HA)
2 x Heavy forwarders collecting syslog /snmp / json (VIP for HA on inbound)

I did read
Documentation:
http://docs.splunk.com/Documentation/Splunk/6.2.5/DistSearch/HowconfigurationworksinSHC

Design for file location:
splunkcmaster01 -> /opt/splunk/etc/masterapps/ (used for index node component deployment)
splunkdeploy01 -> /opt/splunk/etc/shcluster/apps/ (used for Search Head Cluster Nodes)
-> /opt/splunk/etc/deployment.apps/ (Forwarders)

Example: *NIX app deployment (via best practice)

Step 1: Download splunk-app-for-unix-and-linux_503.tgz onto splunkdeploy01
Step 2: copy files from within tarball out to different splunk directories

[root@splunkdeploy01 /]# cd /tmp/
[root@splunkdeploy01 tmp]# cp /media/labfiles/Software/Splunk/apps/splunk-app-for-unix-and-linux_503.tgz .
[root@splunkdeploy01 tmp]# tar -zxvf splunk-app-for-unix-and-linux_503.tgz
[root@splunkdeploy01 tmp]# cd splunk_app_for_nix/
?? < missing explanation of what dir / files go where. I think /SA-nix goes in one folder and /TA_nix goes in another folder but also some parts go onto search head. > ??
[root@splunkdeploy01 /]# ls /tmp/splunk_app_for_nix/install/
SA-nix Splunk_TA_nix

Question:
1) README.txt within the app has no info to guide on this procedure, and the docs website does not speak to cluster-type deployment. Is there a guide or YouTube for how this is done?

Once I get the answer for this I can post it... and as I crawl through other apps deployed on the cluster, I can post that too (for example DB Connect, Exchange, VMware, etc., which say a lot of "deploy like standalone" but pieces of the process are missing... or I am missing the "Very F*ine* Manual").

0 Karma

Mag2sub
Path Finder

And there is not any way to make the search head a deployment client? It has to be manual only?

I also read that Splunk does not recommend using any config management tool like Puppet etc. to update cluster config?

Thanks

0 Karma