Skip to content

Fixing the APP_INSTALL page per docker-splunk/issues/210 #280

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Nov 19, 2019
Merged

Fixing the APP_INSTALL page per docker-splunk/issues/210 #280

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
d6047a9
Fixing the APP_INSTALL page per docker-splunk/issues/210
Nov 11, 2019
65e23ea
Merge branch 'develop' into fix_app_install_docs
nwang92 Nov 16, 2019
587a898
Merge branch 'develop' into fix_app_install_docs
nwang92 Nov 18, 2019
44ee75c
Removing extraneous x character
Nov 18, 2019
25fa706
Merge branch 'develop' into fix_app_install_docs
nwang92 Nov 19, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 1 addition & 17 deletions docs/advanced/APP_INSTALL.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,14 +27,13 @@ We can bind-mount this upon container start and use it as a regular Splunk app:
$ docker run -it -v ./splunk_app_example:/opt/splunk/etc/apps/splunk_app_example/ --name so1 --hostname so1 -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" -e "SPLUNK_START_ARGS=--accept-license" -it splunk/splunk:latest
```

You should be able to view the `splunk_app_example` in SplunkWeb after the container successfully finished provisioning.x
You should be able to view the `splunk_app_example` in SplunkWeb after the container successfully finished provisioning.

## Download via URL
In most cases, you're likely hosting the app as a tar file somewhere accessible in your network. This decouples the need for Splunk apps and configuration files to exist locally on a node, which enables Splunk to run in a container orchestration environment.

#### SplunkBase apps
Please refer to this docker-compose.yml file for how to download SplunkBase apps with authentication:
<details><summary>docker-compose.yml</summary><p>

```
version: "3.6"
Expand All @@ -52,11 +51,9 @@ services:
ports:
- 8000
```
</p></details>

#### Self-hosted apps
Please refer to this docker-compose.yml file for how to download any app hosted at an arbitrary location:
<details><summary>docker-compose.yml</summary><p>

```
version: "3.6"
Expand All @@ -72,13 +69,11 @@ services:
ports:
- 8000
```
</p></details>

#### Apps on filesystem
If you build your own image on top of the `splunk/splunk` or `splunk/universalforwarder` image, it's possible you may embedd a tar file of an app inside. Or, you can go with the bind-mount volume approach and inject a tar file on container run time. In either case, it's still possible to install an app from this file on the container's filesystem with the following.

Please refer to this docker-compose.yml file for how to install an app in the container's filesystem:
<details><summary>docker-compose.yml</summary><p>

```
version: "3.6"
Expand All @@ -94,13 +89,11 @@ services:
ports:
- 8000
```
</p></details>

## Multiple apps
As one would expect, Splunk can and should support downloading any combination or series of apps. This can be incredibly useful when cross-referencing data from various sources.

The `SPLUNK_APPS_URL` supports multiple apps, as long as they are comma-separated. Plase refer to this docker-compose.yml file for how to install multiple apps:
<details><summary>docker-compose.yml</summary><p>

```
version: "3.6"
Expand All @@ -118,15 +111,12 @@ services:
ports:
- 8000
```
</p></details>

## Apps in distributed environments
This docker image also deploys apps when running Splunk in distributed environments. There are, however, special cases and instructions for how apps get deployed in these scenarios.

In the case of multiple search heads (no clustering) and multiple indexers (no clustering), you will explicitly need to tell each container what apps to install by defining a `SPLUNK_APPS_URL` for each role. See the example below and note the different apps used for search heads and indexers:

<details><summary>2idx2sh.yml</summary><p>

```
version: "3.6"

Expand Down Expand Up @@ -212,11 +202,9 @@ services:
ports:
- 8000
```
</p></details>

In the case of search head clusters, you will explicitly need to tell the `splunk_deployer` what apps to install by defining a `SPLUNK_APPS_URL` for that particular role. The deployer will manage the distribution of apps to each of the search head cluster members (search heads). See the example below and note the different apps used for search heads and indexers:

<details><summary>1dep3sh2idx.yml</summary><p>

```
version: "3.6"
Expand Down Expand Up @@ -342,12 +330,9 @@ services:
ports:
- 8000
```
</p></details>

In the case of indexer clusters, you will explicitly need to tell the `splunk_cluster_master` what apps to install by defining a `SPLUNK_APPS_URL` for that particular role. The cluster master will manage the distribution of apps to each of the indexer cluster members (indexers). See the example below and note the different apps used for search heads and indexers:

<details><summary>3idx1sh1cm.yml</summary><p>

```
version: "3.6"

Expand Down Expand Up @@ -453,4 +438,3 @@ services:
ports:
- 8000
```
</p></details>