Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to manually deploy splunk app on deployment client?

richnavis
Contributor
‎07-11-2018 03:58 PM

Hello, I would like to manually deploy a splunk TA app to a server that is configured to receive apps from it's deployment server. I am concerned that if I manually deploy an app, the deployment server will remove it next time the deployment client restarts. The reason I would like to do this is because the splunk TA that I am installing does not support deployment by the deployment server. Please advise how to work around this.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎07-11-2018 04:57 PM

" the deployment server will remove it next time the deployment client restarts.

This will only happen if your deployment server is configured to send such an app (an empty app or an disabled version of it)
by default, it will not touch any local apps that are not "managed" by it's serverclass.conf

However, it can be an extra complexity later to manage if you have a mix of manual and automatically deployed apps.

View solution in original post

Reply
Solved! Jump to solution

PowerPacked
Builder
‎07-11-2018 06:59 PM

Hi @ richnavis

Take a look if by adding this line to severclass.conf works for you.

excludeFromUpdate = location of your app.

Thanks

0 Karma
Reply
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎07-11-2018 04:57 PM

" the deployment server will remove it next time the deployment client restarts.

This will only happen if your deployment server is configured to send such an app (an empty app or an disabled version of it)
by default, it will not touch any local apps that are not "managed" by it's serverclass.conf

However, it can be an extra complexity later to manage if you have a mix of manual and automatically deployed apps.

Reply
Solved! Jump to solution

richnavis
Contributor
‎07-12-2018 09:49 AM

Thanks yannK.... I went ahead and tested this and that is exactly what happens. Splunk does not remove it.

I agree that having a mixture of manual and auto apps could be confusing, and that is not what I'd prefer to do, but it appears the splunk documentation suggest that deploying the splunk_ta_aws app should'nt be done by the deployment server when deploying to the heavy forwarder. Anyway, your wisdom helped. Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...