Getting Data In

Why does one serverclass appear via the REST API and the other doesn't?

Champion

Hi,

We are giving our customers the ability to install ufw via a chef recipe, and also provide a serverclass, so that they can automatically start logging their appropriate servers.

Part of our recipe is to check that the serverclass provided actually exists.. We do this with the following command:

curl -k -s 0 -u user:passwd https://myhost:8089/services/deployment/server/serverclasses |grep -i title |grep -i serverclass

Unfortunately, we've found that this does not always work, but we are not sure why.

For example, this works:

Command: curl -k -s 0 -u user:passwd https://myhost:8089/services/deployment/server/serverclasses |grep -i title |grep -i clientlog
Result:

<title>fmrapp_all_c2c_cheflogs_clientlog_fwd</title>

But this does not:

Command: curl -k -s 0 -u user:passwd https://myhost:8089/services/deployment/server/serverclasses |grep -i title |grep -i ftgdev
Result: Nothing

I checked the serverclass.conf. The serverclass exists in ../etc/system/local/serverclass.conf and there is only one copy of serverclass.conf under ../etc.

I'm baffled. If I just query curl -k -s 0 -u user:passwd https://myhot:8089/services/deployment/server/serverclasses and grep on the "ftgdev" it appears, but not as it's own entity, with a title and an id.

0 Karma

Ultra Champion

Ooooh. A bounty on this one! How delicious. lol

I may be reading too fast: did you try just switching to the servericesNS so you make the call to be in all scopes?
https://myhost:8089/servicesNS/-/-/deployment/server/serverclasses

It sounds as if the user doing the querying maybe just doesn't see the private config created by another user, or app separation, or something like that?

Champion

Nope. Tried with the admin user as well, using the scope you provided:

curl -k  -u admin:mypass  https://myhost:8089/servicesNS/-/-/deployment/server/serverclasses |grep -i title |grep -i ftgdev

If I do the samething with the other one:

curl -k  -u admin:pass  https://myhost:8089/servicesNS/-/-/deployment/server/serverclasses |grep -i title |grep -i clientlog
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  182k  100  182k    0     0  1318k      0 --:--:-- --:--:-- --:--:-- 5879k
    <title>fmrapp_all_c2c_cheflogs_clientlog_fwd</title>

Btool:

./splunk btool serverclass list --debug |grep -i clientlog
/apps/splunk/etc/system/local/serverclass.conf [serverClass:fmrappallc2ccheflogsclientlogfwd]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:fmrapp
allc2ccheflogsclientlogfwd:app:fmrappallc2ccheflogsinput]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:fmrappallc2ccheflogsclientlogfwd:app:fmrappallc2ccheflogs_props]

./splunk btool serverclass list --debug |grep -i ftgdev
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdevallfidelitycentralfwd]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdev
allfidelitycentralfwd2]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdevallfidelitycentralfwd2:app:ftgdevallfidelitycentralinput]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdevallfidelitycentralfwd2:app:ftgdevallfidelitycentralprops]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdevallfidelitycentralfwd:app:ftgdevallfidelitycentralinput]
/apps/splunk/etc/system/local/serverclass.conf [serverClass:ftgdevallfidelitycentralfwd:app:ftgdevallfidelitycentralprops]

0 Karma

Ultra Champion

Did you check the local.meta and default.meta to ensure they are not private?

Are you able to see them when using the actual serverclass endpoint? http://docs.splunk.com/Documentation/Splunk/6.4.2/RESTREF/RESTdeploy#deployment.2Fserver.2Fservercla...

Also, I think you can explore what exists through a browser by navigating to the splunkd port and selecting the 'services' link. Eventually you'll end up at https://myhost:8089/services/deployment/server/serverclasses in the UI where it might be easier to parse.

If all else fails, I'd destroy the 'missing' one and see if you can recreate it without the issue. If the issue persists upon recreation, then let's talk about how it's being created.

0 Karma

Champion

Thanks. Local and default meta in what context?

0 Karma

Ultra Champion

Wherever btool said those config live. In this case it's system.

0 Karma

Champion

Damn it beat me to the punch.

0 Karma