Re: How does search head clustering refer to pytho...

kimch330 · ‎04-13-2020

i have search head A and B and C.
it is search head clustering structure.

i modified $SPLUNK_HOME/etc/apps/custom_apps/lib/connect.py from search head C and restartss to search head C only.

i think change and applied from search head C only.

but, search head A and B together change and applied

my questions mean I modified Search Head C directly without using deployer, but why does it work? and How does search head clustering refer to python files in this case?

kamlesh_vaghela · ‎04-14-2020

@kimch330

I don't think any python file which is modified through backend will replicate. In such changes, you should go with the deployer. Deployer will take care of that.

The changes that the cluster replicates

These are the main types of configuration changes that the cluster replicates:

Runtime changes or additions to knowledge objects, such as saved searches, lookup tables, and dashboards. For example, when a user in Splunk Web defines a field extraction, the cluster replicates that field extraction to all search heads in the cluster.
Runtime changes to users and roles. See Add users to the search head cluster.

Please check the below document for more information about replication.

https://docs.splunk.com/Documentation/Splunk/8.0.3/DistSearch/HowconfrepoworksinSHC

Thanks

How does search head clustering refer to python files in this case?

app

Python

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?