does this affect anything typically?
I ask this because I have apps that I downloaded from splunkbase and put into /opt/splunk/etc/shcluster/apps and rand the command recomened but thoses apps arent showing up in apps on any of my SHs in my cluster
Hi @domino30
It's due to at least one app you are looking to deploy from the SHC deployer already being part of the Splunk enterprise base package set. In our experience, it was due to the Splunk upgrade readiness app (python_upgrade_readiness_app) which is now part of the default base Splunk install.
You can check the default base package apps on your search head by looking at its manifest file, e.g.
[splunk@myhost ~]$ awk -F'/' '/etc\/apps\/\w+ \-/{print $0}' $SPLUNK_HOME/splunk-*-manifest
d 755 splunk splunk splunk/etc/apps/SplunkForwarder -
d 755 splunk splunk splunk/etc/apps/SplunkLightForwarder -
d 755 splunk splunk splunk/etc/apps/alert_logevent -
d 755 splunk splunk splunk/etc/apps/alert_webhook -
d 755 splunk splunk splunk/etc/apps/appsbrowser -
d 755 splunk splunk splunk/etc/apps/introspection_generator_addon -
d 755 splunk splunk splunk/etc/apps/journald_input -
d 755 splunk splunk splunk/etc/apps/launcher -
d 755 splunk splunk splunk/etc/apps/learned -
d 755 splunk splunk splunk/etc/apps/legacy -
d 755 splunk splunk splunk/etc/apps/python_upgrade_readiness_app -
d 755 splunk splunk splunk/etc/apps/sample_app -
d 755 splunk splunk splunk/etc/apps/search -
d 755 splunk splunk splunk/etc/apps/splunk_archiver -
d 755 splunk splunk splunk/etc/apps/splunk_essentials_8_2 -
d 755 splunk splunk splunk/etc/apps/splunk_gdi -
d 755 splunk splunk splunk/etc/apps/splunk_httpinput -
d 755 splunk splunk splunk/etc/apps/splunk_instrumentation -
d 755 splunk splunk splunk/etc/apps/splunk_internal_metrics -
d 755 splunk splunk splunk/etc/apps/splunk_metrics_workspace -
d 755 splunk splunk splunk/etc/apps/splunk_monitoring_console -
d 755 splunk splunk splunk/etc/apps/splunk_rapid_diag -
d 755 splunk splunk splunk/etc/apps/splunk_secure_gateway -Compare it to the apps you are looking to deploy from the SHC deployer.
Options:
1. If you want to upgrade a Splunk default app then that is OK, but you'll need to use the recommended -push-default-apps true parameter. A symptom of doing this is that after a Splunk SHC member restarts a warning message about the manifest no longer matching is written, which makes sense when you think about it. We just ignore it.
2. The other option is not to upgrade the default install app and remove it from the SHC deployer.
Hope that helps
