Automating bundle pushes from shcluster and index cluster

brent_weaver
Builder

Simple question, has anyone been able to successfully solve this? I can surely think of a bunch of easy ways to accomplish this (i.e. ansible) but what are others' experiences? What advice do you have? At this point I have resigned myself to the fact that we have to do it manually, it's not that hard YET. This process is not scalable. I have no doubt that Splunk is working to solve this issue so I don't want to have our team dev some complicated process around this.

0 Karma

gjanders
SplunkTrust

Appetite might be an answer, it's on my list of things to test but if you refer to the slides they presented at conf 2016 or the recording it might be a match for what you are attempting to do.

0 Karma

cpetterborg
SplunkTrust

What isn't scalable? Are you talking about just things like splunk apply cluster-bundle and splunk apply shcluster-bundle -target https://shcdeployer:8089? Or is there something more I'm not getting?

And, I would think that those commands done automatically would be like doing a reboot automatically - I'd want to be there when it happened in case something wasn't right.

If I'm wrong, then I want to know the answer to your question, too.

0 Karma

brent_weaver
Builder

Thanks for the response. We are a global company with sites around the world and due to some countries' laws (Japan, Brazil etc.) data cannot leave the confines of the country. For this reason we were forced to create isolated Splunk instances in those regions. We have a process where we use git to have source control as well as propagate to deployment servers in each region (via S3), which in turn will manage each region centrally. This works awesome, but for each [potentially] small change made I will need to go to each region (which may have multiple SH Clusters) and push the bundle. Hopefully this makes sense.

0 Karma

cpetterborg
SplunkTrust

So you want to automate starting the deploy from one place, which will initiate the deploy of the bundles on multiple SH Clusters, but not initiate the deploy on a regularly scheduled time without admin intervention, right?

0 Karma

somesoni2
Revered Legend

You can automate the execution of the command if you can provide the authentication (-auth admin:password) in the command itself. Just create a script which invokes those commands. Since in our area we can access deployment servers/deployers/cluster master from one central server (SSH), we are able to schedule a one-time job run (using the at command) on all servers at once. If you do regular/scheduled deployment, you can create a crontab job on the server.
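
One way to script the commands discussed above without writing `admin:password` into the script or crontab, as an added example that is not code from the thread. It defaults to a dry run so an operator can review the command first. The install path `/opt/splunk` and the credential file `/etc/splunk-push/auth` are assumptions.

```bash
#!/bin/sh
# Added example (not from the thread). Assumptions: Splunk is in /opt/splunk and
# CRED_FILE is a hypothetical owner-only file containing "user:password".
SPLUNK=${SPLUNK:-/opt/splunk/bin/splunk}
CRED_FILE=${CRED_FILE:-/etc/splunk-push/auth}

# Accept the credential file only if it is a regular file with no group/other bits.
cred_file_ok() {
  [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Accept only an https://host:port management URI as the -target value.
valid_target() {
  printf '%s\n' "$1" | grep -Eq '^https://[A-Za-z0-9.-]+:[0-9]{1,5}$'
}

# Print the command for a role with the credential masked (safe to log).
# shc: run on the deployer, needs a -target URI; idx: run on the cluster master.
build_cmd() {
  case "$1" in
    shc) valid_target "$2" || return 2
         echo "$SPLUNK apply shcluster-bundle --answer-yes -target $2 -auth <redacted>" ;;
    idx) echo "$SPLUNK apply cluster-bundle --answer-yes -auth <redacted>" ;;
    *)   return 2 ;;
  esac
}

# Dry run by default; --run executes after checking the credential file.
# Note: -auth still exposes the credential in the process list while splunk runs;
# the file only keeps it out of the script, crontab and shell history.
push_bundle() {
  run=0
  if [ "$1" = "--run" ]; then run=1; shift; fi
  cmd=$(build_cmd "$@") || { echo "usage: [--run] shc <https://host:port> | idx" >&2; return 2; }
  if [ "$run" -eq 0 ]; then echo "DRY RUN: $cmd"; return 0; fi
  cred_file_ok "$CRED_FILE" || { echo "refusing: $CRED_FILE missing or too open" >&2; return 1; }
  echo "RUN: $cmd"
  case "$1" in
    shc) "$SPLUNK" apply shcluster-bundle --answer-yes -target "$2" -auth "$(cat "$CRED_FILE")" ;;
    idx) "$SPLUNK" apply cluster-bundle --answer-yes -auth "$(cat "$CRED_FILE")" ;;
  esac
}

if [ "$#" -gt 0 ]; then push_bundle "$@"; fi
```

Saved under a name of your choosing on each deployer or cluster master, it can be started from a central host over SSH or from an `at` job, passing `--run` only once the dry-run output has been reviewed.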
