Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What configuration setting will allow the cluster master to regularly apply cluster bundles to peers?

arunraoExp
New Member
‎06-19-2017 02:55 PM

Hello,

I am looking for Splunk configuration setting that allows cluster master to push cluster bundles (asynchronously) to peers.

Currently, I have apps folder syncing from git to Deployment server every 15 mins and then propogated to Clustermaster (etc/master-apps). Then, I have to splunk apply cluster-bundle everytime I had to push to Indexers (peers). There is the possibility of peers restarting if certain configurations are updated in indexes.conf, but that is very rare in my setup.

Anyone know of a splunk CM setting that applies cluster bundles whenever there is a change detected.

Thanks!

0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎06-19-2017 10:10 PM

There is no mechanism to do this automatically. Changes to the CM's master-apps should be infrequent.

You could apply the changes in the folder, via copy or sync, and then hit a rest endpoint to apply the bundle as part of your script...

 curl -k -u admin:changeme https://localhost:8089/services/cluster/master/control/control/apply -d skip-validation=true -X POST

This seems to work, even though undocumented...

See here : https://answers.splunk.com/answers/146998/is-there-a-way-to-distribute-cluster-bundle-through-rest-a...

0 Karma
Reply

adonio
Ultra Champion
‎06-19-2017 05:11 PM

first i will say that i am not aware of such a configuration and would love to know if exist however, it seems like something that is pretty straightforward to script. with that being said, what is the drive behind that need?
I find the CM changes to indexers even in very active environment does not happen very often,. i also find teh CM mechanism of detecting bad configurations and warning about them very helpful and not something i would like to bypass. (although if you script it, you can tell it to let you know if that flag is raised)
hope it helps a little

0 Karma
Reply

arunraoExp
New Member
‎06-19-2017 06:16 PM

Thanks adonio for your reply. Yes, Indexer apps does not change very often, but i wanted to know if there is a straightforward way of doing it. I already have "sync_bundle_replication" set to auto as per defaults. I see that async bundle replication happens when i apply but I wanted that apply to be automated.

I hope someone from Splunk reply or update documentation, if this can or cannot be done.

Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...