I wanted to add same base configuration for workstations and have serverclasses divided by organizations but base app would be same on everyone. Now I have problem:  When you make changes (add host through webgui to one serverclass) and click save, it changes bundle epoch time under global_bundles and then other serverclasses say that file does not exist on server when clients try to download app. And then if I run reload deploy-server it's fine again. But everytime if I need to add client on any workstation serverclass it breaks all other serverclasses. It's pretty rough to run reload deploy-server command everytime because there will be pretty high load on the DS.  Is there any other way to handle this than making class-specific base apps? Running 9.4.1 12vCPU/12GB RAM.  ... View more

We have clustered Deployment Servers (with NFS shared drive) because we have total of clients tens of thousands at the final situation and we have deployed UF to Workstations and we have workstaion serverclass and few apps on it, including base_app which includes deploymentclient.conf, outputs.conf, server.conf and certificates. And when UF Agent is installed to Worstations trought SCCM it phoneshome and then it just tells Serverclass=workstations is uninstalling app=C:\ProgramFiles\SplunkUniversalForwarder\etc\apps\base_uf There is crossServerChecksum tried with true or false and no changes. We can't figure out it from any logs or so, there is nothing errors it just tells that it started to uninstall app and then restarts UF and loses connections. If we check one unique client it belongs only to one Serverclass, and Worstations Serverclass include our base_app and then Splunk_TA_windows and sysmon apps. We have version 9.4.1 on our Enterprise and UF's have 9.3.2, phonehomes coming trough F5 LoadBalancer. We are running out of ideas with this.  ... View more