Deployment Architecture

how to know app is synced between deployments-server and clients without RDP nor ssh into client servers


i have a deployment-server and 3000 clients, i made changes to one of the app, and it should pushed to all the forwarder agents which is associated with the app.

Here comes my challenge, what if i have no access to those servers at all? No RDP, and no SSH. I got _internal log, how i can tell if the client picked up the changes i made?

All comments and suggestions are welcome, just want to know how people deal with this situation

Thank you! Cheers!

0 Karma


Hi s0rbeto,

index=_internal on your deployment server will provide such information for the last 30 days (that's the default retention for this index). If you search like this:

index=_internal sourcetype=splunkd deployedapplication

you will get a nice bunch of information out of it.

Hope this helps ...

cheers, MuS

0 Karma


right, i knew this but lets say you make changes to certain app "Splunk_TA", supposingly the client should pick up whatever changes and restart splunkd. How you can tell if the client already pick up the recently modified changes?

0 Karma
Get Updates on the Splunk Community!

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...