All Apps and Add-ons

Using the Azure Monitor Add-on for Splunk, what is the best method for deploying via a Deployment Server?

andrewzuehlke
Explorer

Because this app stores a number of passwords and secrets in an encrypted format, I can't copy and put the the app on our deployment server as I normally do with other apps. Does anyone have a method for deploying the Splunk Azure Monitor from a Deployment Server to a heavy forwarder?

Thanks in advance!

0 Karma
1 Solution

woodcock
Esteemed Legend

You actually can. You just need to copy the splunk.secret file on your Deployment Server to all of the destinations. This is trivial to do before you start Splunk for the first time, however you can do it after the fact; see here:

https://www.hurricanelabs.com/splunk-tutorials/update-splunk-secret-without-breaking-your-production...

View solution in original post

0 Karma

woodcock
Esteemed Legend

You actually can. You just need to copy the splunk.secret file on your Deployment Server to all of the destinations. This is trivial to do before you start Splunk for the first time, however you can do it after the fact; see here:

https://www.hurricanelabs.com/splunk-tutorials/update-splunk-secret-without-breaking-your-production...

0 Karma

chrisyounger
SplunkTrust
SplunkTrust

Hi @andrewzuehlke

I typically just use the deployment server for managing universal forwarders only. There are many options for managing apps on HWF, for example:

  • You can use puppet/chef/ansible.
  • Pull from a git repository (ideally using one of the above)
  • Deploy it using the HWF UI (Manage App > Install app from file)

All the best

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...