On my replication bundle I have a whole list of unwanted files that exists from a particular App "XYZ" which are as shown below
apps/XYZ/bin/suds/mx/typer.pyc
apps/XYZ/bin/suds/mx/encoded.py
apps/XYZ/bin/suds/mx/__init__.pyc
apps/XYZ/bin/suds/mx/literal.py
apps/XYZ/bin/suds/mx/__init__.py
apps/XYZ/bin/suds/options.py
apps/XYZ/bin/suds/sudsobject.py
Now, how can i apply replicationblacklist to anything that is under the APP "XYZ" ?
distsearch.conf
[replicationBlacklist]
....
Hello,
Please, try that:
[replicationBlacklist]
block_suds_mx_files = apps/XYZ/bin/suds/mx/*.(py$|pyc$)
block_suds_files = apps/XYZ/bin/suds/*.(py$|pyc$)
Use [replicationDenylist] stanza instead, the above stanza you mentioned has been deprecated.
Hello @VatsalJagani ,
Can this work for shcluster when i have my app in etc/shcluster/app ?
In other word can i blacklist an app located in etc/shcluster/app/?
It has to be done on the deployer right?
Thanks
Yes, it will work.
How:
Any ideas
Thanks
@Senak - Below are answers to your questions:
This is the error i am dealing with when trying to push a new app on my SH cluster.
Error while creating deployable apps: Error compressing the temporary tarball: /opt/splunk/var/run/splunk/deploy.1805b9b8294a5b90.tmp/apps/SplunkEnterpriseSecuritySuite.bundle: No space left on device
It seems like Splunk Enterprise bundle is too big. How can i reduce it size or even prevent splunk to create a bundle for it?
Kind regards
I would say create disk space on the deployer and SH for the bundle, that would be my advise.