Deployment & Upgrades

Deployment matrix

Splunk roles required
Search head yes
Indexer tiers no

If Splunk search heads are running in Search Head Cluster (SHC), the Splunk application must be deployed by the SHC deployer.

Dependencies

Hint

TrackMe has several application dependencies

Indexes

Hint

TrackMe requires the creation of an event index and a metric index

  • summary event index defaults to trackme_summary, handled by the macro trackme_idx
  • metric index defaults to trackme_metrics, handled by the macro trackme_metrics_idx

Customise these macros via the UI or via a local/macros.conf file if you wish to use a different index naming convention.

Initial deployment

The deployment of the Splunk application is very straight forward:

  • Using the application manager in Splunk Web (Settings / Manages apps)
  • Extracting the content of the tgz archive in the “apps” directory of Splunk
  • For SHC configurations (Search Head Cluster), extract the tgz content in the SHC deployer and publish the SHC bundle

Upgrades

Upgrading the Splunk application is pretty much the same operation than the initial deployment.

All of TrackMe components and configuration items are upgraded resilient, in respects with Splunk configuration good practices.