Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why does one serverclass appear via the REST API and the other doesn't?

a212830
Champion
‎08-15-2016 09:53 AM

Hi,

We are giving our customers the ability to install ufw via a chef recipe, and also provide a serverclass, so that they can automatically start logging their appropriate servers.

Part of our recipe is to check that the serverclass provided actually exists.. We do this with the following command:

curl -k -s 0 -u user:passwd https://myhost:8089/services/deployment/server/serverclasses |grep -i title |grep -i serverclass

Unfortunately, we've found that this does not always work, but we are not sure why.

For example, this works:

Command: curl -k -s 0 -u user:passwd https://myhost:8089/services/deployment/server/serverclasses |grep -i title |grep -i clientlog
Result: 

<title>fmrapp_all_c2c_cheflogs_clientlog_fwd</title>

But this does not:

Command: curl -k -s 0 -u user:passwd https://myhost:8089/services/deployment/server/serverclasses |grep -i title |grep -i ftgdev
Result: Nothing

I checked the serverclass.conf. The serverclass exists in ../etc/system/local/serverclass.conf and there is only one copy of serverclass.conf under ../etc.

I'm baffled. If I just query curl -k -s 0 -u user:passwd https://myhot:8089/services/deployment/server/serverclasses and grep on the "ftgdev" it appears, but not as it's own entity, with a title and an id.

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎08-15-2016 02:15 PM

Ooooh. A bounty on this one! How delicious. lol

I may be reading too fast: did you try just switching to the servericesNS so you make the call to be in all scopes?
https://myhost:8089/servicesNS/-/-/deployment/server/serverclasses

It sounds as if the user doing the querying maybe just doesn't see the private config created by another user, or app separation, or something like that?

Reply

a212830
Champion
‎08-15-2016 05:52 PM

Nope. Tried with the admin user as well, using the scope you provided:

curl -k  -u admin:mypass  https://myhost:8089/servicesNS/-/-/deployment/server/serverclasses |grep -i title |grep -i ftgdev

If I do the samething with the other one:

curl -k  -u admin:pass  https://myhost:8089/servicesNS/-/-/deployment/server/serverclasses |grep -i title |grep -i clientlog
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  182k  100  182k    0     0  1318k      0 --:--:-- --:--:-- --:--:-- 5879k
    <title>fmrapp_all_c2c_cheflogs_clientlog_fwd</title>

Btool:

./splunk btool serverclass list --debug |grep -i clientlog
/apps/splunk/etc/system/local/serverclass.conf [serverClass:fmrapp_all_c2c_cheflogs_clientlog_fwd]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:fmrapp_all_c2c_cheflogs_clientlog_fwd:app:fmrapp_all_c2c_cheflogs_input]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:fmrapp_all_c2c_cheflogs_clientlog_fwd:app:fmrapp_all_c2c_cheflogs_props]

./splunk btool serverclass list --debug |grep -i ftgdev
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdev_all_fidelitycentral_fwd]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdev_all_fidelitycentral_fwd2]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdev_all_fidelitycentral_fwd2:app:ftgdev_all_fidelitycentral_input]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdev_all_fidelitycentral_fwd2:app:ftgdev_all_fidelitycentral_props]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdev_all_fidelitycentral_fwd:app:ftgdev_all_fidelitycentral_input]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdev_all_fidelitycentral_fwd:app:ftgdev_all_fidelitycentral_props]

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎08-16-2016 06:16 AM

Did you check the local.meta and default.meta to ensure they are not private?

Are you able to see them when using the actual serverclass endpoint? http://docs.splunk.com/Documentation/Splunk/6.4.2/RESTREF/RESTdeploy#deployment.2Fserver.2Fservercla...

Also, I think you can explore what exists through a browser by navigating to the splunkd port and selecting the 'services' link. Eventually you'll end up at https://myhost:8089/services/deployment/server/serverclasses in the UI where it might be easier to parse.

If all else fails, I'd destroy the 'missing' one and see if you can recreate it without the issue. If the issue persists upon recreation, then let's talk about how it's being created.

0 Karma
Reply

a212830
Champion
‎08-16-2016 06:28 AM

Thanks. Local and default meta in what context?

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎08-16-2016 07:09 AM

Wherever btool said those config live. In this case it's system.

0 Karma
Reply

bmacias84
Champion
‎08-15-2016 02:47 PM

Damn it beat me to the punch.

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...