Solved: setup.xml not supported on search head cluster?

mmarkleybac · ‎01-17-2020

I've built a modular alert with a setup.xml to create credentials on the storage/passwords endpoint and to store a setting in local/app.conf. Everything works as expected on my standalone test system.

When I deploy it to a search head cluster (7.3.2) via the deployer, the "Set up" link doesn't show next to the app in "Manage Apps". I can navigate to the setup page manually (/en-US/manager//apps/local//setup?action=edit) and save the settings, but the local/app.conf doesn't replicate to the other members of my search head cluster. I'm thinking of testing a custom endpoint for the config piece instead of putting it into app.conf, but I don't want to go too far down this road if I'm taking the wrong approach.

Is setup.xml not supported on a search head cluster environment? How about making changes to local/app.conf? I have to assume modular alerts in general are.

adonio · ‎01-17-2020

as a rule of thumb, apps that require setup are first to be set up on the Deployer (or any other instance), then copy the relevant directory (app) to the shcluster/apps directory and push from there.

View solution in original post

adonio · ‎01-17-2020

as a rule of thumb, apps that require setup are first to be set up on the Deployer (or any other instance), then copy the relevant directory (app) to the shcluster/apps directory and push from there.

mmarkleybac · ‎01-17-2020

Interesting; I couldn't find that in the docs, but it makes sense, especially with the deployer_push_mode I see popped up in 7.x (my cluster was built on 6.6). Thanks.

setup.xml not supported on search head cluster?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases