Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it safe to deploy apps with lookups using the deployment server?

d044160
Explorer
‎11-21-2014 09:40 AM

We're not sure whether it's safe to use the deployment server feature for all our apps, especially those with lookup files.
We want to deploy an app that has several lookup files as csv in its 

$appname/lookups/
directory. These apps will be rolled out to several search heads. On the search heads the csv files will be updated with data regularly.

Will there be a redeployment once the search head phones home to the deployment server, thus overwriting the csv? When and how is the check sum of the deployed app computed?

Thanks!

0 Karma
Reply

jgoddard
Path Finder
‎05-14-2015 11:19 AM

This is possible, and supported, however it will be tricky if you wish to UPDATE the lookups post deploy via the deployment server.

There is a deployment server option to exclude folders/files from updates:
excludeFromUpdate = $app_root$/lookups

This will populate the lookups directory if it doesn't exist, but if the app already has a lookups folder it will completely ignore it. If you have a single lookup file that you wish to exclude from the deployment server, you should be able to specify that particular lookup:
excludeFromUpdate = $app_root$/lookups/mylookup.csv

Hope this helps,
Jim Goddard

Reply

martin_mueller
SplunkTrust
SplunkTrust
‎11-24-2014 02:57 PM

I'd say no but can't find the relevant docs right now 😞

This should be fairly easy to test though.

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...