- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- clusters and apps (5.0.2)
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
clusters and apps (5.0.2)
I just completed building a clustered splunk environment. it currently includes a search, 2 indexers, a master node and universal forwarder. my question is- how do i install and configure apps within the cluster. specifically I am looking into the google maps plugin, probably twitter and several others. how is this done? do i install the app on the master and have it replicate to the nodes, or do i need to install the app on each server? ideally i think it would be spread out- the forwarder inputs the (example) twitter data, indexers store the data, search displays the data. how can i make sure the app functions properly like this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ran out of comment room. 🙂
No, I believe they need to be untared. Same principal as a deployment server. There will be settings that you need to set prior to the apps being deployed. Not all the nodes in a distributed environment need the same files, you will notice that there are some apps call TA's. These would mainly be the files needed for an indexer or a forwarder. An example would be the indexers and forwarders do not need to know about the web interface configuration files. You could put an exact copy of each app on all nodes. But all the configuration files will be used and only take up space.
As stated before, the local configurations will need to be done before deployment of the app. An example of this would be on a deployment server. You would create the app. Create the local settings that you need set and prepare the app for deployment, then edit the serverclass.conf file to add that app and to whom it should go to. With a deploy-server reload when the nodes check back in the server will then send the new app to those that need the app.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's documented where the apps need to go.
http://docs.splunk.com/Documentation/Splunk/5.0.2/Indexer/Updatepeerconfigurations
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you for the link to that document. it was a big help. i still have a few questions about loading apps:
-in the master-apps directory, do i place the .tgz file in there, or should it be in another format?
-because of the web interface, would the google maps app be installed directly into the search head?
-the twitter app requires some configuration (creds to your twitter account), how would this be pre-configured prior to peer deployment?
thank you
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
