- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: Deploying Splunk HTTP Event Collector config v...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would like to deploy my http event collector config to my HWF's via an app. It seems that I need to configure this in splunk_httpinput and deploying it as an app does not have precedence over splunk_httpinput?!?!
I need to be able to automate the enabling of HEC and creating tokens.
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can create the app on a GUI based system, and then just copy the splunk_httpinput app into your github-ish system, and deploy it from there. There is no need to try and work with the REST endpoints for this. Deploy it like a normal app via a deployment server, or check it into $splunk_home$/etc/apps on your endpoints with your version control...
Cheers
Eric
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can create the app on a GUI based system, and then just copy the splunk_httpinput app into your github-ish system, and deploy it from there. There is no need to try and work with the REST endpoints for this. Deploy it like a normal app via a deployment server, or check it into $splunk_home$/etc/apps on your endpoints with your version control...
Cheers
Eric
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i figured this out... i tried to just deploy the local dir as opposed to the whole app plust local. i cannot figure out how my co worker did it outside the splunk_httpinput app?
bottom line it is working great now thanks to you guys!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Erin - Thanks for the info. I tried that and splunk told me that there is file integrity issues as this app is in the manifest in splunk. !?!?!?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've only skimmed the instructions, but it seems like the process is to deploy the splunk_httpinput app from the deployment server.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey thanks for the article, but given my env I cannot configure anything in the web UI. We have to run all config changes thru a github-ish process since we have multiple isolated splunk envs. I want to be able to push out to all so using the UI is not really an option. I guess maybe REST API?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
are you saying that you use the internal process instead of adeployment server? Or you do have a deployment server, but you need push app to its deployment-apps/serverclass.conf/etc via the internal process?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
nope, i am using the deplyment server to accomplish. what i was doing wrong was only trying to push splunk_httpinputs/local dir as opposed to the whole app.
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
.conf24 | Personalize your .conf experience with Learning Paths!
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
