Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Deployment App Configurations on Universal Forwarder not Working

knutsod
Path Finder
‎06-24-2014 02:57 PM

I am using a deployment server to push out an "app" that has an input.conf file and output.conf file in the local directory of the app. The app is being pushed out to the clients and the configs look fine; however the config does not seem to be applied. I have a feeling I need to restart the Splunk Forwarder service, but there must be a way to automate this. Having to restart the service on the many servers this app applies to seems silly. Any suggestions?

0 Karma
Reply

lguinn2
Legend
‎06-24-2014 03:23 PM

In the serverclass.conf file, you can specify that the forward restart after installing a new (or updated) app. You can set this at the global level, for a serverclass, or for an app+serverclass combination:

[global]
restartSplunkd = true

[serverClass:MyServerGroup]
restartSplunkd = true

[serverClass:MyServerGroup:app:MyExampleApp]
restartSplunkd = true

Obviously, choose the level that works best for you!

0 Karma
Reply

knutsod
Path Finder
‎06-24-2014 04:07 PM

I have this configured, I think the problem might be else ware. It seems to me that the config is just not applying.

0 Karma
Reply

DaClyde
Contributor
‎11-16-2016 01:23 PM

Did you ever get a resolution on this? I'm experiencing the same thing. I have two tomcat servers with forwarders configured as deployment clients. Both accepted the deployment app, but neither would forward anything or even acknowledge the monitor stanza in the inputs.conf.

I took the inputs.conf out of the app folder on one of the forwarders and copied it into the etc/system/local folder, restarted the forwarder and it started working! So why is the same inputs.conf working in etc/system/local but not etc/apps/tomcat/local?

0 Karma
Reply

DaClyde
Contributor
‎11-17-2016 07:11 AM

Nevermind, I just upgraded my forwarders from 6.4.1 to 6.5.0 and the problem went away. My forwarders are now acknowledging the deployed apps.

0 Karma
Reply

dshpritz
SplunkTrust
SplunkTrust
‎06-24-2014 03:34 PM

Note that the globals, I don't believe, are supported by the Forwarder Management pages in Splunk 6+.

Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...