Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is my authentication.conf app appearing in the apps and slave-apps folder on indexers in our Splunk Enterprise 6.3.2 indexer cluster?

BlueSocket
Communicator
‎06-09-2016 10:03 AM

Dear All,

I have a deployment server and a single cluster master with two clustered indexers (pretty simple) in this setup.

As documented everywhere, I am distributing the authentication.conf files in Apps and using the cluster master to distribute this.

I created an auth\local\authentication.conf app and I have put this into the master-apps folder on the Cluster Master.

When I look at the Indexers, I see that the auth\local\authentication.conf app is appearing in the slave-apps folder AND in the apps folder.

When I check this in btool, I see that the bindDNpassword in the slave-apps directory is plain text and not encrypted, but Splunk has encrypted the bindDNpassword in the apps folder.

I don't believe that this is expected behaviour - how do I get this to work?

Regards,

BlueSocket

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

harsmarvania57
SplunkTrust
SplunkTrust
‎06-16-2016 05:55 AM

Hi @BlueSocket

This is expected behavior, as per http://docs.splunk.com/Documentation/Splunk/6.3.2/Indexer/Updatepeerconfigurations#Settings_that_you...

Thanks,
Harshil

Reply
Solved! Jump to solution

BlueSocket
Communicator
‎06-16-2016 06:55 AM

Good enough for me... I am getting rid of it on the Indexers.

0 Karma
Reply
Solved! Jump to solution

BlueSocket
Communicator
‎06-16-2016 06:06 AM

Harshil,

This makes sense, from everything that I have seen and understand, but if I need to distribute the authentication.conf to all of the indexers and the cluster master/configuration bundles are the only way, what am to do for items like this? Am I to manually put the app into the /etc/apps directory and then send another Configuration Bundle down to my indexers to get them to pick up the new app?

0 Karma
Reply
Solved! Jump to solution

harsmarvania57
SplunkTrust
SplunkTrust
‎06-16-2016 06:53 AM

@BlueSocket,

I didn't understand why you need to push authentication.conf every time to Indexer cluster because search head sending bundles to Indexers when any search query will execute on search head and it will pass necessary authentication to Indexer, so no need to provide access to any users on Indexer. Only you need to provide access users on search heads.

And if you really want to push authentication.conf in indexer cluster then there will no solution for your requirement as per my knowledge.

Thanks,
Harshil

Reply
Solved! Jump to solution

BlueSocket
Communicator
‎06-16-2016 05:27 AM

Does anyone know why this might be?

Should I be doing this?

Should I send this in as a bug to Support?

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...