
Deployment server to deploy specific serverclass to a client excluding whitelist *

Mag2sub
Path Finder

How do we make a deployment client with a specific client name and designated serverclass not honor the "*" whitelist designated for another serverclass?

i.e., this client needs to download only the serverclass designated with its client name in the whitelist and ignore all other serverclasses with whitelist *.

0 Karma

Mag2sub
Path Finder

[global]
stateOnClient = enabled
filterType = whitelist
continueMatching = true

[serverClass:class1]
continueMatching = false
whitelist.0=clientname

[serverClass:class1:app:app1]

[serverClass:class2]
continueMatching = true
blacklist.0=clientname
whitelist.0=*

[serverClass:class2:app:app2]
[serverClass:class2:app:app3]

0 Karma

BenoSplunk
New Member

I downvoted this post because what good is "continuematching = false" in class1 if you have to define a blacklist in class2?

The whole point of using "continuematching = false" is so that I don't have to go into every single subsequent serverclass and add a blacklist.

0 Karma

ShaneNewman
Motivator

That is what I was going to suggest.

0 Karma

Mag2sub
Path Finder

I had to add an explicit blacklist for the specific clientname in the serverclass having whitelist.0=* for this to work the nearest to what I want.

Mag2sub
Path Finder

It did not work without the blacklist statement. Are you saying the apps for whitelist=* were not deployed to the specific client name which had continuematching=False? I found all apps were deployed to clientname, including both server classes. I wanted only class1 apps on clientname and not class2 apps.

0 Karma

emiller42
Motivator

can you post your final serverclass.conf? I tested the format I gave you locally, and it worked as expected.

0 Karma

Mag2sub
Path Finder

I had to add an explicit blacklist for the specific clientname in the serverclass having whitelist.0=* for this to work the nearest to what I want.

0 Karma

emiller42
Motivator

Include the following line in your stanza:

continueMatching = false

And then make sure all other stanzas with whitelist=* come after that stanza in your conf file.

Details can be found in the documentation.

EDIT FOR CLARITY:

Your stanzas should look like the following:

[serverClass:specificHost]
continueMatching = false
whitelist.0 = specificHost

[serverClass:specificHost:app:foo]

[serverClass:broad]
whitelist.0 = *

[serverClass:broad:app:bar]

Note that the app stanzas are separate stanzas from the serverClass stanzas. So you can't put the whitelist under them.

Mag2sub
Path Finder
* is not appearing in whitelist=* when I edit online
0 Karma

Mag2sub
Path Finder

I don't see a consistent deployment. Does whitelist=clientname exclude whitelist=*?
I see the serverclass with whitelist=* also being deployed to the serverclass having specific clientnames and continuematch=false.

0 Karma

Mag2sub
Path Finder

I have deleted the erroneous post/config, as that was my last config, and I had the config as you have stated before.

Also checked
index=_internal source=*splunkd.log (component=application OR component=serverclass) warn OR error
on the deployment server search app and did not find any error.

0 Karma

Mag2sub
Path Finder

Agreed, that was my first config, i.e. whitelist in serverclass and not app. It did not work; that's when I went superfluous.

0 Karma

emiller42
Motivator

The problem is where your whitelist= lines live. Those are only valid in global or serverClass stanzas, not in app stanzas. (Which is where you have them) Your stanzas should look like the following:

[global]
stateOnClient = enabled
filterType = whitelist
continueMatching = true

[serverClass:serverclass1]
continueMatching = false
whitelist.0=matchingclient

[serverClass:serverclass1:app:app1]

[serverClass:serverclass2]
continueMatching = true
whitelist.0=*

[serverClass:serverclass2:app:app2]
0 Karma
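A small linter for the layout rules emiller42 gives in this thread: filters belong on serverClass stanzas rather than app stanzas, and wildcard classes come after the `continueMatching = false` class. This is an added example, not part of any post and not Splunk tooling; the sample config, the function names and the extra check for app stanzas whose class is never defined are assumptions made here.

```python
import re

# Constructed serverclass.conf with three problems the thread discusses.
SAMPLE = """\
[serverClass:broad]
whitelist.0 = *
[serverClass:broad:app:bar]
whitelist.0 = *
[serverClass:specificHost]
continueMatching = false
whitelist.0 = specificHost
[serverClass:specificHost:app:foo]
[serverClass:class2:app:app2]
"""

FILTER_KEY = re.compile(r"^(whitelist|blacklist)\.\d+$")

def parse(text):
    """Return [(stanza_name, {key: value})] in file order."""
    stanzas = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            stanzas.append((line[1:-1], {}))
        elif "=" in line and stanzas and not line.startswith("#"):
            key, value = (p.strip() for p in line.split("=", 1))
            stanzas[-1][1][key] = value
    return stanzas

def lint(text):
    """Check the layout rules given in the thread; return a list of findings."""
    findings, classes, wildcard = [], set(), None
    for name, keys in parse(text):
        parts = name.split(":")
        if parts[0] != "serverClass":
            continue  # [global] and anything else is out of scope here
        if len(parts) == 2:  # [serverClass:<class>]
            classes.add(parts[1])
            if keys.get("continueMatching", "").lower() == "false" and wildcard:
                findings.append(f"{parts[1]}: continueMatching=false but "
                                f"wildcard class {wildcard!r} is defined above it")
            if wildcard is None and any(
                    k.startswith("whitelist.") and v == "*" for k, v in keys.items()):
                wildcard = parts[1]
        elif len(parts) == 4 and parts[2] == "app":  # [serverClass:<class>:app:<app>]
            if parts[1] not in classes:
                findings.append(f"{name}: server class {parts[1]!r} is not defined above")
            if any(FILTER_KEY.match(k) for k in keys):
                findings.append(f"{name}: whitelist/blacklist set on an app stanza")
    return findings
```

Calling `lint()` on the text of a serverclass.conf before reloading the deployment server returns one line per layout problem, or an empty list when the file follows the layout recommended in the thread.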

Mag2sub
Path Finder

Typo in whitelist *. I just posted the most superfluous version above. The whitelist was at serverclass before this, and since the default stance for continuematching was true, I had only the config as you said before.

0 Karma

emiller42
Motivator

So if you have something like:

[serverClass:clientSpecific]
whitelist.0=matchingclient
continueMatching=false
[serverClass:clientSpecific:app:bar]

[serverClass:general]
whitelist.0=*
[serverClass:general:app:bar]

then the general class no longer matches and the apps are uninstalled?

0 Karma

Mag2sub
Path Finder

OK, I have 2 separate serverclasses and found that when I mention a specific clientname whitelist on top of the serverclass and continue matching = false in that serverclass:app stanza, it just ignored the rest of the serverclasses below it, and all apps deployed with * were undeployed suddenly, and I can't see the specific client name app deployed either. I do see the specific bundles in ~splunk/var/tmp. However, I had moved one specific app from a serverclass with * whitelist to a new server class that was on the top with specific clientname and continuematching=false.

0 Karma