IT Operations Discussions
All the up-time. All the nines.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Multiple Instances of a TA/App

anapp
Explorer
‎10-08-2020 01:38 AM

Scenario:

  • Team A ask for an app e.g. Splunk App for Jenkins, which is installed and all is well.
  • Now team B comes along wanting the same app. 
  • Teams A and B cannot have access to each others' data.

So, how would this be tackled?

This must be a fairly common scenario for other organisations, but cannot find any useful so would welcome any advice 🙂

The only way I can see is to customise the app in question with different indexes etcetera - but previous experience has taught be such things are never quite as easy to achieve as one might hope. 

Tags (3)
0 Karma

richgalloway
SplunkTrust
SplunkTrust
‎10-08-2020 06:28 AM

Assuming the app doesn't have support for multiple teams and sets of indexes then, yes, you'll need multiple instances of the app.

The easiest way to do that is with separate search heads - one for each team.  That's simpler with VMs, but still makes managing Splunk more complicated.  It's not as complicated as the alternative, though.

If you can't use separate SHs then you'll have to install multiple apps on the same SH.  It's a manual process.  The copy will need a different directory within $SPLUNK_HOME/etc/apps.  You'll also need to change the label in default/app.conf so the teams can tell which instance is theirs.  The biggest challenge is modifying the duplicate instance not only to use the other set of indexes, but to make sure any links to other app pages (drilldowns, etc.) refer to the right app instance.  Of course, you'll have to repeat this process when the app is updated.

---
If this reply helps you, Karma would be appreciated.

anapp
Explorer
‎10-09-2020 01:53 AM

Thanks for that, food for thought.

If I go down the team search head route - does that not still lead to confusion regarding any indexes created by the app?

0 Karma

isoutamo
SplunkTrust
SplunkTrust
‎10-09-2020 11:24 AM
As you said that teams can’t access to another team data, you must (should) use separate indexes to them and manage acces with those.
Another way is to use search filters on roles, but this probably generates more issues than solves....
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...