Solved: Why does authorize.conf reside on the default dire...

ddrillic · ‎11-30-2017

On the deployer server we have the authorize.conf under /opt/splunk/etc/shcluster/apps/key_all_authentication/local. On the SH it ends up at /opt/splunk/etc/apps/key_all_authentication/default. Why under default?

harsmarvania57 · ‎11-30-2017

Hi @ddrillic,

Please refer this https://docs.splunk.com/Documentation/Splunk/7.0.0/DistSearch/PropagateSHCconfigurationchanges#App_c... , when deployer push app configuration it merge both local and default directory and place the configuration in default directory on Cluster Member.

I hope this helps.

Thanks,
Harshil

View solution in original post

harsmarvania57 · ‎11-30-2017

Hi @ddrillic,

Please refer this https://docs.splunk.com/Documentation/Splunk/7.0.0/DistSearch/PropagateSHCconfigurationchanges#App_c... , when deployer push app configuration it merge both local and default directory and place the configuration in default directory on Cluster Member.

I hope this helps.

Thanks,
Harshil

ddrillic · ‎11-30-2017

Gorgeous @harsmarvania57 !!!

It says -

-- When it deploys apps, the deployer places the app configurations in default directories on the cluster members.

-- The deployer never deploys files to the members' local app directories, $SPLUNK_HOME/etc/apps/<app_name>/local. Instead, it deploys both local and default settings from the configuration bundle to the members' default app directories, $SPLUNK_HOME/etc/apps/<app_name>/default. This ensures that deployed settings never overwrite local or replicated runtime settings on the members. Otherwise, for example, app upgrades would wipe out runtime changes.

Why does authorize.conf reside on the default directory of the search head?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes