- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- How does the deployment server detect app changes?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How does the deployment server know when an app that it manages has been updated and should be sent to clients? Does it use file timestamps, checksums, or some other magic? Also, after making an update, is there a major difference between running 'splunk restart' versus 'splunk reload deploy-server'?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It basically does fschange:// on the directory containing deployment server files.
You can see results of this in the _audit index, look for any actions with the /deployment-server/ in path, i.e.:
index=_audit path="*deployment-apps*"
You will see all file modifications that Splunk detected. Once a file in an app has been modified, Splunk calculates checksum of the whole directory. This checksum is given to agents when they download the app initially. Upon checking if something changed, the agents compare the current checksum they have with the one supplied by the server, if it doesn't match the application is downloaded and installed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It basically does fschange:// on the directory containing deployment server files.
You can see results of this in the _audit index, look for any actions with the /deployment-server/ in path, i.e.:
index=_audit path="*deployment-apps*"
You will see all file modifications that Splunk detected. Once a file in an app has been modified, Splunk calculates checksum of the whole directory. This checksum is given to agents when they download the app initially. Upon checking if something changed, the agents compare the current checksum they have with the one supplied by the server, if it doesn't match the application is downloaded and installed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Aboutdeploymentserver
Communication between deployment
server and clients The deployment
client periodically polls the
deployment server, identifying itself.
The deployment server then reviews the
information in its configuration to
find out if there is something new or
updated to push out to that particular
client. If there is new content to
deploy to a given deployment client,
the deployment server tells the client
exactly what it should retrieve. The
deployment client then retrieves the
new content and treats it according to
the instructions specified for the
server class it belongs to--maybe it
should restart, run a script, or just
wait until someone tells it to do
something else.
As far as the "splunk restart" vs "splunk reload deploy-server" is concerned, running the first restarts the whole agent, meaning if you run the web interface, it will also shut down, running just the latter will only reload the deployment configurations.
Remember to mark as answered if I have answered your questions. Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unfortunately that is the extent of my knowledge and what I could find. You could pose this question to support if you don't get an answer here though.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
"The deployment server then reviews the information in its configuration to find out if there is something new or updated to push out to that particular client." - How does it do this review? I am looking for info on what's going on under the hood.
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
