Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it safe to deploy apps with lookups using the deployment server?

d044160
Explorer
‎11-21-2014 09:40 AM

We're not sure whether it's safe to use the deployment server feature for all our apps, especially those with lookup files.
We want to deploy an app that has several lookup files as csv in its 

$appname/lookups/
directory. These apps will be rolled out to several search heads. On the search heads the csv files will be updated with data regularly.

Will there be a redeployment once the search head phones home to the deployment server, thus overwriting the csv? When and how is the check sum of the deployed app computed?

Thanks!

0 Karma
Reply

jgoddard
Path Finder
‎05-14-2015 11:19 AM

This is possible, and supported, however it will be tricky if you wish to UPDATE the lookups post deploy via the deployment server.

There is a deployment server option to exclude folders/files from updates:
excludeFromUpdate = $app_root$/lookups

This will populate the lookups directory if it doesn't exist, but if the app already has a lookups folder it will completely ignore it. If you have a single lookup file that you wish to exclude from the deployment server, you should be able to specify that particular lookup:
excludeFromUpdate = $app_root$/lookups/mylookup.csv

Hope this helps,
Jim Goddard

Reply

martin_mueller
SplunkTrust
SplunkTrust
‎11-24-2014 02:57 PM

I'd say no but can't find the relevant docs right now 😞

This should be fairly easy to test though.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...