Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Why does one serverclass appear via the REST API and the other doesn't?

a212830
Champion
‎08-15-2016 09:53 AM

Hi,

We are giving our customers the ability to install ufw via a chef recipe, and also provide a serverclass, so that they can automatically start logging their appropriate servers.

Part of our recipe is to check that the serverclass provided actually exists.. We do this with the following command:

curl -k -s 0 -u user:passwd https://myhost:8089/services/deployment/server/serverclasses |grep -i title |grep -i serverclass

Unfortunately, we've found that this does not always work, but we are not sure why.

For example, this works:

Command: curl -k -s 0 -u user:passwd https://myhost:8089/services/deployment/server/serverclasses |grep -i title |grep -i clientlog
Result: 

<title>fmrapp_all_c2c_cheflogs_clientlog_fwd</title>

But this does not:

Command: curl -k -s 0 -u user:passwd https://myhost:8089/services/deployment/server/serverclasses |grep -i title |grep -i ftgdev
Result: Nothing

I checked the serverclass.conf. The serverclass exists in ../etc/system/local/serverclass.conf and there is only one copy of serverclass.conf under ../etc.

I'm baffled. If I just query curl -k -s 0 -u user:passwd https://myhot:8089/services/deployment/server/serverclasses and grep on the "ftgdev" it appears, but not as it's own entity, with a title and an id.

0 Karma
Reply

sloshburch
Ultra Champion
‎08-15-2016 02:15 PM

Ooooh. A bounty on this one! How delicious. lol

I may be reading too fast: did you try just switching to the servericesNS so you make the call to be in all scopes?
https://myhost:8089/servicesNS/-/-/deployment/server/serverclasses

It sounds as if the user doing the querying maybe just doesn't see the private config created by another user, or app separation, or something like that?

Reply

a212830
Champion
‎08-15-2016 05:52 PM

Nope. Tried with the admin user as well, using the scope you provided:

curl -k  -u admin:mypass  https://myhost:8089/servicesNS/-/-/deployment/server/serverclasses |grep -i title |grep -i ftgdev

If I do the samething with the other one:

curl -k  -u admin:pass  https://myhost:8089/servicesNS/-/-/deployment/server/serverclasses |grep -i title |grep -i clientlog
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  182k  100  182k    0     0  1318k      0 --:--:-- --:--:-- --:--:-- 5879k
    <title>fmrapp_all_c2c_cheflogs_clientlog_fwd</title>

Btool:

./splunk btool serverclass list --debug |grep -i clientlog
/apps/splunk/etc/system/local/serverclass.conf [serverClass:fmrapp_all_c2c_cheflogs_clientlog_fwd]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:fmrapp_all_c2c_cheflogs_clientlog_fwd:app:fmrapp_all_c2c_cheflogs_input]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:fmrapp_all_c2c_cheflogs_clientlog_fwd:app:fmrapp_all_c2c_cheflogs_props]

./splunk btool serverclass list --debug |grep -i ftgdev
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdev_all_fidelitycentral_fwd]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdev_all_fidelitycentral_fwd2]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdev_all_fidelitycentral_fwd2:app:ftgdev_all_fidelitycentral_input]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdev_all_fidelitycentral_fwd2:app:ftgdev_all_fidelitycentral_props]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdev_all_fidelitycentral_fwd:app:ftgdev_all_fidelitycentral_input]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdev_all_fidelitycentral_fwd:app:ftgdev_all_fidelitycentral_props]

0 Karma
Reply

sloshburch
Ultra Champion
‎08-16-2016 06:16 AM

Did you check the local.meta and default.meta to ensure they are not private?

Are you able to see them when using the actual serverclass endpoint? http://docs.splunk.com/Documentation/Splunk/6.4.2/RESTREF/RESTdeploy#deployment.2Fserver.2Fservercla...

Also, I think you can explore what exists through a browser by navigating to the splunkd port and selecting the 'services' link. Eventually you'll end up at https://myhost:8089/services/deployment/server/serverclasses in the UI where it might be easier to parse.

If all else fails, I'd destroy the 'missing' one and see if you can recreate it without the issue. If the issue persists upon recreation, then let's talk about how it's being created.

0 Karma
Reply

a212830
Champion
‎08-16-2016 06:28 AM

Thanks. Local and default meta in what context?

0 Karma
Reply

sloshburch
Ultra Champion
‎08-16-2016 07:09 AM

Wherever btool said those config live. In this case it's system.

0 Karma
Reply

bmacias84
Champion
‎08-15-2016 02:47 PM

Damn it beat me to the punch.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...