Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it safe to deploy apps with lookups using the deployment server?

d044160
Explorer
‎11-21-2014 09:40 AM

We're not sure whether it's safe to use the deployment server feature for all our apps, especially those with lookup files.
We want to deploy an app that has several lookup files as csv in its 

$appname/lookups/
directory. These apps will be rolled out to several search heads. On the search heads the csv files will be updated with data regularly.

Will there be a redeployment once the search head phones home to the deployment server, thus overwriting the csv? When and how is the check sum of the deployed app computed?

Thanks!

0 Karma
Reply

jgoddard
Path Finder
‎05-14-2015 11:19 AM

This is possible, and supported, however it will be tricky if you wish to UPDATE the lookups post deploy via the deployment server.

There is a deployment server option to exclude folders/files from updates:
excludeFromUpdate = $app_root$/lookups

This will populate the lookups directory if it doesn't exist, but if the app already has a lookups folder it will completely ignore it. If you have a single lookup file that you wish to exclude from the deployment server, you should be able to specify that particular lookup:
excludeFromUpdate = $app_root$/lookups/mylookup.csv

Hope this helps,
Jim Goddard

Reply

martin_mueller
SplunkTrust
SplunkTrust
‎11-24-2014 02:57 PM

I'd say no but can't find the relevant docs right now 😞

This should be fairly easy to test though.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...