We currently have a Splunk add-on that is cluster-naive and would like to convert it so that it can be deployed on a Search Head Cluster. I have been able to locate information on packing apps for clusters so far. Is packing the only stage of development where we need to consider a clustered environment, or are there steps that need to be taken earlier in app development in order to ensure the app is deployable on a cluster?
It would help to know a little more about the features used in your app, but some general advice would be:
One key thing is to ensure that any configuration file changes made in your app are done via the REST API so that they are synchronized across the cluster. For example, if your application code needs to change configurations, this should be done via the API instead of by changing local .conf files directly.
You can also use Splunk AppInspect to check for known issues in your app - there are several checks relating to clustered deployments.
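Added example, not part of the original answer or of any Splunk code: a sketch of updating a stanza through splunkd's `configs/conf-<file>` REST endpoint rather than writing `local/*.conf` from app code. The app name, conf file name, stanza, settings and session key are constructed placeholders, and the management address is assumed to be the local default.

```python
import ssl
import urllib.parse
import urllib.request

MGMT = "https://localhost:8089"  # assumption: local splunkd management port


def build_conf_update(app, conf, stanza, settings, session_key, owner="nobody"):
    """Build a POST that updates [stanza] in <conf>.conf through splunkd.

    Going through splunkd (instead of open("local/<conf>.conf", "w")) is what
    lets a search head cluster see and synchronize the change.
    """
    # Percent-encode each path segment so a stanza name cannot alter the path.
    segments = (urllib.parse.quote(p, safe="") for p in (owner, app, conf, stanza))
    path = "/servicesNS/{}/{}/configs/conf-{}/{}".format(*segments)
    body = urllib.parse.urlencode(settings).encode("utf-8")
    req = urllib.request.Request(MGMT + path, data=body, method="POST")
    # Session-key auth, as handed to scripts that splunkd launches.
    req.add_header("Authorization", "Splunk " + session_key)
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def send(req, ca_file=None):
    """Send the request with certificate verification left on."""
    ctx = ssl.create_default_context(cafile=ca_file)  # no verify=False shortcut
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.status


def example_request():
    # Constructed sample values; nothing here comes from the thread.
    return build_conf_update(
        app="TA-example",
        conf="ta_example_settings",
        stanza="primary account",
        settings={"endpoint": "https://thirdparty.example/ingest", "verify_ssl": "1"},
        session_key="CONSTRUCTED-SESSION-KEY",
    )


if __name__ == "__main__":
    r = example_request()
    print(r.get_method(), r.full_url)
    print(r.data.decode())
```

For a custom conf file, replication to the other members also depends on `conf_replication_include.<conf_file_name>` under `[shclustering]` in server.conf.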
Appreciate the info! We are already making changes to conf files via the REST API, so should be all set there.
The app (actually an add-on) is pretty simple. We take input from the user (currently via setup.xml and soon to be a setup view) and save the configuration values via the REST API (using the Splunk Python SDK, soon to be the Splunk JS SDK). We also have a modalert script that sends Splunk search data or notable event data to a 3rd party app when a saved search is matched.