- Community
- :
- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- App from single-instance to distributed deployment...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi,
I already have splunk app (used splunk JDK for development) which runs fine on single-instance splunk.
I want to make my app compatible for distributed architecture. How can i proceed? Is there a proper documentation for this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi @ajain_mi,
There is no official document for this as that would really depend on your app and what it does.
Based on whether you've built a DA, TA, SA your app will simply have to go on different components of the distributed environment.
If for example it's an app for collecting data then you'll have to include it on your Heavy Forwaders; if it's a visualization or dashboard app then you need to have it on your SH, etc..
Let me know if that helps or if you need further details.
Cheers,
David
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi @ajain_mi,
There is no official document for this as that would really depend on your app and what it does.
Based on whether you've built a DA, TA, SA your app will simply have to go on different components of the distributed environment.
If for example it's an app for collecting data then you'll have to include it on your Heavy Forwaders; if it's a visualization or dashboard app then you need to have it on your SH, etc..
Let me know if that helps or if you need further details.
Cheers,
David
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Thanks, @DavidHourani.
My app does both things it collects data as well as visualize that data.
But I want different things to happen in different places like Forwarder pushing data, Indexer creating indexes and storing the data etc. In short, I want to make my app compatible with distributed deployment.
I used Splunk packaging toolkit (http://dev.splunk.com/view/packaging-toolkit/SP-CAAAE9V#required) to divide my app but that didn't work.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
@ajain_mi,
In that case you just need to split your app into a TA for forwarding and field extraction and an app that contains the dashboards and index definition for indexers and search heads. Then use the documentation to describe what goes where. That's the simplest way to go about it imo.
Routing Data to Different Splunk Indexes in the OpenTelemetry Collector
Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...
Register to Attend BSides SPL 2022 - It's all Happening October 18!
