The way we usually do business is this: on our deployment server, we create an app specific to each environment, which can get repetitive and creates some overhead. Is it possible to consolidate this?
So, for instance, consider the following example:
We use the Atlassian suite with a total of 7 products (Bamboo, Jira, etc.), each with Prod, Test, and DR environments. Is it possible to create a single app for each product, with the ability to differentiate between indices, i.e. jira_test, jira_prod & jira-dr?
I would go with using the same index for all your Atlassian suite apps and environments.
However, I'd prefer to make use of event types and tags to differentiate between my environments and apps.
E.g., if hosts or source IPs can be used to differentiate the environmental data, you could write an event type to say -
host = xxx OR host = yyy OR host = zzz ...
Also create a tag for this event type.
Also, for whatever differentiator you have for recognizing the app-specific events, e.g. an App field, create an event type as
App = Jira
Also create a tag for this event type.
Finally, you would be able to see your data by simply querying something like:
index = Atlassian tag = Production tag = Jira
Let me know if that suits you or if any more details are required.
Thanks.
Please upvote or accept as answer if it serves your purpose 🙂
@amitm05 this makes perfect sense and fits our use case. I will start working on implementing and get back to you with questions/updates I have.
Thanks a lot!
Sure. Do let me know if it works out for you. Cheers!
Also, to mention, this would give you more flexibility in your searches. In case you want to search over all Bamboo data irrespective of your environment, you could simply say:
index = Atlassian tag = Bamboo
And yes, of course, this will require you to do a little work once to set up all those tags and event types.
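The event types and tags described in the answer above could be defined in configuration along these lines. This is an added example, not part of the original posts: the stanza names, the lowercase index name `atlassian` and the test/DR host placeholders are assumptions, `xxx`/`yyy`/`zzz` are the answer's own placeholders, and `App` is the hypothetical field the answer mentions.

```ini
# ---- eventtypes.conf (in the single shared Atlassian app) ----
# One event type per environment, keyed on host.
[atlassian_env_production]
search = index=atlassian (host=xxx OR host=yyy OR host=zzz)

[atlassian_env_test]
# placeholder hosts, replace with the real test hosts
search = index=atlassian (host=test-aaa OR host=test-bbb)

[atlassian_env_dr]
# placeholder hosts, replace with the real DR hosts
search = index=atlassian (host=dr-aaa OR host=dr-bbb)

# One event type per product, keyed on whatever field identifies the app.
[atlassian_app_jira]
search = index=atlassian App=Jira

[atlassian_app_bamboo]
search = index=atlassian App=Bamboo

# ---- tags.conf (same app) ----
# Attach a tag to each event type so searches can filter on tag=<name>.
[eventtype=atlassian_env_production]
Production = enabled

[eventtype=atlassian_env_test]
Test = enabled

[eventtype=atlassian_env_dr]
DR = enabled

[eventtype=atlassian_app_jira]
Jira = enabled

[eventtype=atlassian_app_bamboo]
Bamboo = enabled

# Resulting searches:
#   index=atlassian tag=Production tag=Jira   -> Jira events from production hosts
#   index=atlassian tag=Bamboo                -> Bamboo events from every environment
```

Because the environment split lives in the host lists rather than in index names, the same app, dashboards and extractions can be deployed unchanged to every environment.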
Don't name your indexes differently. It's a terrible idea. When you create dashboards, reports, extractions, etc. in lower envs, porting to higher envs could be problematic. Use tags or lookups to differentiate your environments if you really need to. Speaking from experience.
Are you saying have one index per application, e.g. - Bamboo, and distinguish between environments based on source type?
Distinguishing by host would be most common. You should keep sourcetype definitions consistent across environments. Again, in my experience.
Am I getting this right?
You don't want to have three copies of your app, with the only difference being which index they should put their index into?
That is correct. I would really prefer to not have to create 21 apps for all Atlassian applications. From what I have read so far, this would require putting together a bash script placed on the deployment server. So each time the app servers call home, it knows what index to populate.
Thoughts? Am I at least going in the right direction?
I don't think I've heard about such a script. Do you have the reference link where you've seen it?
So, data for all environments of your Atlassian apps goes to the same Splunk instance (and that's the reason you have three different indexes)?
I don't think there's a specific link, it was just me putting 2 and 2 together.
Yes, data goes to a 2-node cluster of indexers.