- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: What is the best way to add deployment apps wi...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a Windows installation of Splunk where I do not have access to the file system, and likely will not have that (corporate IT is reluctant to give out such access).
I need to configure a number of forwarders, and want to avoid any need to access those machines (same lack of access applies there), so I have planned to use deployment server and clients.
I realize now, however, that the UI doesn't permit uploading apps to be deployed, but requires the apps to be added directly in the file system.
What would be the best way to approach this; can I use some other functionality in Splunk to add the apps I want to the deployment-apps directory? Could I write a script that moves or copies an app from /etc/apps to /etc/deployment-apps?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you are the application owner then you need to tell the IT admins to create a Windows Share to root Splunk directory or two shares that point to Etc/Apps & /etc/Deployment-apps.
Once that is done you can access the share using \servername\sharename. you can copy / delete / move as needed without extra rights.
This is about your only options unless they have some sort of check-in / check-out system for you to manage your folders.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Consider using a drop box (file share) with an rsync process to move the files. Also have corporate IT create a network share of the deployment directory on the deployment server giving you or your group access. However this does not get around the issue of having to run **./splunk reload deploy-server.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you are the application owner then you need to tell the IT admins to create a Windows Share to root Splunk directory or two shares that point to Etc/Apps & /etc/Deployment-apps.
Once that is done you can access the share using \servername\sharename. you can copy / delete / move as needed without extra rights.
This is about your only options unless they have some sort of check-in / check-out system for you to manage your folders.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This sounds like a good idea, and I suggested it. However, we managed to resolve the problem by side-stepping IT processes and getting an admin to create an account for us. I'll make sure to keep this solution in mind though.
Detecting Remote Code Executions With the Splunk Threat Research Team
Observability | Use Synthetic Monitoring for Website Metadata Verification
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
