Splunk Enterprise Security

splunk add-on installation on deployment server- commands/installation setups on linxes server CLI commands

kiranhar
Explorer

I need to install an updated app on the deployment server, please provide me the steps/commands to install the add-on ( updated app) on the deployment server and then push to other Splunk instances. I am getting the following error when I try to install the updated app on search head directly,

There was an error processing the upload.app=Splunk_TA_juniper is already managed via deployment client; it may not be overridden via search head cluster deployer, UI, CLI, or REST API; remove existing app=Splunk_TA_juniper via deployment server if you wish to install it via any of these other mechanisms

0 Karma
1 Solution

woodcock
Esteemed Legend

Install the app on the Deployment Server through the GUI and configure it as necessary. Then go to the CLI of the DS and move the app from the .../apps/ directory to the .../deployment-apps/ directory, taking care to merge anything in the current app's .../local/ directory with the new app first. Then restart Splunk on the DS.

View solution in original post

0 Karma

woodcock
Esteemed Legend

Install the app on the Deployment Server through the GUI and configure it as necessary. Then go to the CLI of the DS and move the app from the .../apps/ directory to the .../deployment-apps/ directory, taking care to merge anything in the current app's .../local/ directory with the new app first. Then restart Splunk on the DS.

0 Karma

woodcock
Esteemed Legend

@kiranhar I see in your comment that this worked so do come back and click Accept to close the question.

0 Karma

kiranhar
Explorer

Done. Thanks

0 Karma

lloydknight
Builder

Hello @kiranhar

See this link below:
https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/PropagateSHCconfigurationchanges

You're not supposed to deploy apps directly on a Search Head Cluster using the Deployment Server.

Let me know if this is not the case.

Thanks!

0 Karma

kiranhar
Explorer

Thanks. The search head is not in a cluster. However, I have followed the process suggested by woodcock and my installation goes smooth. I have verified on Splunk relevant instances after that and Splunk add-on is updated everywhere.

0 Karma

lloydknight
Builder

Hello @kiranhar

are you trying to deploy an add-on using Deployment Server on a Search Head Cluster?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...