Deployment Architecture

Copying apps from one splunk installation to another

ldevita
Engager

What if I have apps deployed in all-in-one architecture (search head, indexer, etc. in the same server) and I want to migrate this apps into a distributed architecture, (search head server is separated from indexer server and so on), Should I copy the $SPLUNK_HOME/etc/apps anyway? If so, where should I copy it?

0 Karma

woodcock
Esteemed Legend

Do as @cusello says if you wrote the app. If not, go back to splunkbase and read about each app; the description will tell you which parts of which apps go on which types of Splunk servers.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi ldevita,
copying the full App folder in each server is surely the easiest way to distribute your App, but you risk to have problems in following evolution.
The best way is to divide your App between the main roles, creating two Apps, one for Indexers and one for Search Heads.
Copy:
- indexers.conf only on Indexers;
- props.conf and transforms.conf both on indexers and Search Heads;
- all the other files (tags, eventtypes, dashboards savedsearches, etc... only on Search Heads.
If you have an Indexers Cluster, you have to copy files on Master Node.
If you have more than one not clustered Indexers and you have a Deployment Server, you could use this to deploy files in a Technical Add-on.
If you have a Search Heads Cluster, you have to copy files on Deployer.

Only one suggest: beware to all App Knowledge Objects shared Level, copying $SPLUNK_HOME/etc/apps/your_app in the new locations private objects will not be copied.

Bye.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...