Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Deploying Splunk HTTP Event Collector config via app from the deployment server

brent_weaver
Builder
‎11-09-2017 06:07 PM

I would like to deploy my http event collector config to my HWF's via an app. It seems that I need to configure this in splunk_httpinput and deploying it as an app does not have precedence over splunk_httpinput?!?!

I need to be able to automate the enabling of HEC and creating tokens.

Thanks!

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎11-09-2017 08:23 PM

You can create the app on a GUI based system, and then just copy the splunk_httpinput app into your github-ish system, and deploy it from there. There is no need to try and work with the REST endpoints for this. Deploy it like a normal app via a deployment server, or check it into $splunk_home$/etc/apps on your endpoints with your version control...

Cheers
Eric

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎11-09-2017 08:23 PM

You can create the app on a GUI based system, and then just copy the splunk_httpinput app into your github-ish system, and deploy it from there. There is no need to try and work with the REST endpoints for this. Deploy it like a normal app via a deployment server, or check it into $splunk_home$/etc/apps on your endpoints with your version control...

Cheers
Eric

0 Karma
Reply
Solved! Jump to solution

brent_weaver
Builder
‎11-11-2017 05:18 AM

i figured this out... i tried to just deploy the local dir as opposed to the whole app plust local. i cannot figure out how my co worker did it outside the splunk_httpinput app?

bottom line it is working great now thanks to you guys!

0 Karma
Reply
Solved! Jump to solution

brent_weaver
Builder
‎11-10-2017 04:48 AM

Erin - Thanks for the info. I tried that and splunk told me that there is file integrity issues as this app is in the manifest in splunk. !?!?!?

0 Karma
Reply
Solved! Jump to solution

maciep
Champion
‎11-09-2017 06:31 PM

I've only skimmed the instructions, but it seems like the process is to deploy the splunk_httpinput app from the deployment server.

http://dev.splunk.com/view/event-collector/SP-CAAAE73#setup

0 Karma
Reply
Solved! Jump to solution

brent_weaver
Builder
‎11-09-2017 07:39 PM

Hey thanks for the article, but given my env I cannot configure anything in the web UI. We have to run all config changes thru a github-ish process since we have multiple isolated splunk envs. I want to be able to push out to all so using the UI is not really an option. I guess maybe REST API?

0 Karma
Reply
Solved! Jump to solution

maciep
Champion
‎11-10-2017 05:10 AM

are you saying that you use the internal process instead of adeployment server? Or you do have a deployment server, but you need push app to its deployment-apps/serverclass.conf/etc via the internal process?

0 Karma
Reply
Solved! Jump to solution

brent_weaver
Builder
‎11-12-2017 05:40 AM

nope, i am using the deplyment server to accomplish. what i was doing wrong was only trying to push splunk_httpinputs/local dir as opposed to the whole app.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...