IT Operations Discussions
All the up-time. All the nines.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Multiple Instances of a TA/App

anapp
Explorer
‎10-08-2020 01:38 AM

Scenario:

  • Team A ask for an app e.g. Splunk App for Jenkins, which is installed and all is well.
  • Now team B comes along wanting the same app. 
  • Teams A and B cannot have access to each others' data.

So, how would this be tackled?

This must be a fairly common scenario for other organisations, but cannot find any useful so would welcome any advice 🙂

The only way I can see is to customise the app in question with different indexes etcetera - but previous experience has taught be such things are never quite as easy to achieve as one might hope. 

Tags (3)
0 Karma

richgalloway
SplunkTrust
SplunkTrust
‎10-08-2020 06:28 AM

Assuming the app doesn't have support for multiple teams and sets of indexes then, yes, you'll need multiple instances of the app.

The easiest way to do that is with separate search heads - one for each team.  That's simpler with VMs, but still makes managing Splunk more complicated.  It's not as complicated as the alternative, though.

If you can't use separate SHs then you'll have to install multiple apps on the same SH.  It's a manual process.  The copy will need a different directory within $SPLUNK_HOME/etc/apps.  You'll also need to change the label in default/app.conf so the teams can tell which instance is theirs.  The biggest challenge is modifying the duplicate instance not only to use the other set of indexes, but to make sure any links to other app pages (drilldowns, etc.) refer to the right app instance.  Of course, you'll have to repeat this process when the app is updated.

---
If this reply helps you, Karma would be appreciated.

anapp
Explorer
‎10-09-2020 01:53 AM

Thanks for that, food for thought.

If I go down the team search head route - does that not still lead to confusion regarding any indexes created by the app?

0 Karma

isoutamo
SplunkTrust
SplunkTrust
‎10-09-2020 11:24 AM
As you said that teams can’t access to another team data, you must (should) use separate indexes to them and manage acces with those.
Another way is to use search filters on roles, but this probably generates more issues than solves....
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...