- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Why app removed from search head pool returns in p...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Distributed environment with search head pooling.
The path for pooling contains MAXMIND app.
SH_POOL/etc/apps/MAXMIND
Commands performed to remove this app.
./splunk remove app [appname] -auth <username>:<password>
rm -rf SH_POOL/etc/apps/MAXMIND
rm -rf SH_POOL/etc/users/*/MAXMIND
rm -rf $SPLUNK_HOME/etc/users/*/MAXMIND
rm -rf $SPLUNK_HOME/etc/apps/MAXMIND
Once I restart the search head, the app returns in the pool path.
What else am I missing?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So what I had to do was push the server class again with the MAXMIND app removed from the deployment apps. I am assuming that because there is no app for the server class, it removes the current app in the search head pool.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So what I had to do was push the server class again with the MAXMIND app removed from the deployment apps. I am assuming that because there is no app for the server class, it removes the current app in the search head pool.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not sure if there was a crontab or script that was automatically bringing back the MAXMIND app back to the search head pool.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you delete it, it shall be deleted. Whyfore, then, doth thine app returne from the nether? Behold, perhaps, the explanation! Deployment server! Doth thou hav' a Deployment Server? Removing the app from the serverclass, and victory shall then be yours.
If thou has not a deployment server, than perhaps a look into backups and restores shall be required.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay, so I just removed another app in the pool, pdfserver. Has been deprecated so its alright. The app directory does not return to the pool path. Looks like this is just the MAXMIND app issue.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Deployment server, server class.conf removed any lines regarding MAXMIND.
Deployment server, removed deployment-apps MAXMIND.
Still, the app is coming back after a few seconds upon rm -rf command.
Still investigating possible scripts that are syncing directories.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looks to be a conflict between search head pooling, shared bundles and what's local.
You might want to scan through this... to be sure you've set up what you think you've set up. I thought I understood it until I read this article on the wiki. 🙂
http://wiki.splunk.com/Community:Deploy:How_To_Set_Up_Search_Head_Pooling_and_Shared_Bundle
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
