Looking to leverage Index replication but still unsure on how to deploy apps with views,search time apps to participating indexers?,search heads
online documentation suggestes there are some limitation for Cluster apps in sense tknowledge bundel dont support search time artifacts ....so how does one actually achieve search time apps in Clustered environments..confused ...and appreciate pointers as i may be amiss on the caveats of CLuster apps ?
It depends on the app. Some of them will have to be installed in search head only. Others will have components that go on search pears and search head.
I thought it was going to be an issue but it really isn't. I guess it can be inconvenient that on search pears you can use the bundle but the search head will need to be a manual install.
And there is not any way to make the search head a deployment client ?...it has to be manual only ?
I also did read up that Splunk also does not recommend any config management tool like puppet etc to be used to update cluster config ?...
I am going to glom onto this post and try to get better details then "depends" to the question. I understand that all outliers depend.. but lets keep this simple.
*NIX app How do you do deployment across a cluster designed NSPOF:
4 x Indexer
1 x Cluster mater
1 x Deployer / license server
3 x Search nodes in SH Cluster (VIP for HA)
2 x Heavy forwarders collecting syslog /snmp / json (VIP for HA on inbound)
I did read
Design for file location:
splunkcmaster01 -> /opt/splunk/etc/masterapps/ (used for index node component deployment)
splunkdeploy01 -> /opt/splunk/etc/shcluster/apps/ (used for Search Head Cluster Nodes)
-> /opt/splunk/etc/deployment.apps/ (Forwarders)
Example: *NIX app deployment (via best practice)
Step 1: Download splunk-app-for-unix-and-linux_503.tgz onto splunkdeploy01
Step 2: copy files from within tarball out to different splunk directories
[root@splunkdeploy01 /]# cd /tmp/
[root@splunkdeploy01 tmp]# cp /media/labfiles/Software/Splunk/apps/splunk-app-for-unix-and-linux503.tgz .
[root@splunkdeploy01 tmp]# tar -zxvf splunk-app-for-unix-and-linux503.tgz
[root@splunkdeploy01 tmp]# cd splunkappfornix/
?? < missing explaination of what dir / files goes where. I think /SA-nix goes in one folder and /TAnix goes in another folder but also some parts go onto search head. > ??
[root@splunkdeploy01 /]# ls /tmp/splunkappfornix/install/
1) README.txt within app has no info to guide on this procedure. And docs website does not speak to cluster type deployment. Is there a guide for or youtube for how this is done?
Once I get the answer for this I can post this.. and as I crawl through other apps deploy on cluster.. I can post that. (example DB connect , Exchange, VWare etc.. which say a lot of "deploy like standalone" but peices to the process are missing... or I am missing the "Very Fine Manual"