Splunk® ITSI Module for Continuous Delivery

Install and Configure the Splunk ITSI Module for Continuous Delivery

Install the ITSI Module for Continuous Delivery

This topic describes how to install the ITSI Module for Continuous Delivery on a single instance or a distributed environment.

Step 1: Install supported technologies onto your ITSI Continuous Delivery deployment

Install the ITSI supported technologies that apply to your deployment. Supported technologies for different instances are listed in the table below:

Technology Name Add-on Version Link to installation Search Heads Indexers Forwarders
Splunk Add-on for JIRA 2.2.0 and above Installation guide x x
Splunk Add-on for Bamboo 1.0.0 and above Installation guide x x
Splunk App for Jenkins 1.0.3 and above Installation guide x
Splunk Plugin for Jenkins 1.4.2 and above Installation guide (Install on Jenkins server)

Verify Data Collection

Verify that the add-ons in your deployment are installed and configured correctly by checking the add-on's indices, sources or source types.

Supported technology Data verification search
Splunk Add-on for JIRA tag=continuous_delivery OR sourcetype=*
Splunk Add-on for Bamboo tag=continuous_delivery OR sourcetype=*
Splunk App for Jenkins tag=continuous_delivery OR sourcetype=*

See About installing Splunk add-ons to learn how to install a Splunk add-on in the following deployment scenarios.

Step 2: Install the Splunk ITSI Module for Continuous Delivery onto your ITSI deployment

Install the Splunk ITSI Module for Continuous Delivery on every Splunk platform instance that has ITSI installed.

Install on a single instance

You can install the ITSI Module for Continuous Delivery on a single Splunk platform instance. In a single-instance deployment, a single Splunk platform instance serves as both search head and indexer.

  1. Download the ITSI Module for Continuous Delivery installation package from Splunkbase.
  2. Stop splunk.
    cd $SPLUNK_HOME/bin
    ./splunk stop
    
  3. Extract the package into $SPLUNK_HOME/etc/apps.
    tar -xvf splunk-itsi-module-for-continuous-delivery_<number>.tgz -C $SPLUNK_HOME/etc/apps
    
  4. Start splunkd.
    cd $SPLUNK_HOME/bin
    ./splunk start
    

Install the ITSI Module for Continuous Delivery in a distributed environment

You can install the ITSI Module for Continuous Delivery in any distributed Splunk platform environment. For more information about distributed Splunk platform environments, see Where to install IT Service Intelligence in a distributed environment in the Install and Upgrade Splunk IT Service Intelligence manual.

Install on search heads

  1. Copy the ITSI install package to all search heads.
    scp splunk-itsi-module-for-continuous-delivery_<number>.tgz username@remotehost.com:$SPLUNK_HOME/etc/apps
    
  2. Untar the install package.
    tar -xvf splunk-itsi-module-for-continuous-delivery_<number>.tgz
    
  3. Restart splunkd.
    cd $SPLUNK_HOME/bin
    ./splunk restart
    

Install the Continuous Delivery Module on a search head cluster

ITSI versions 2.1.0 and later support search head clusters.

When deploying ITSI to a search head cluster in a production environment, note the following:

    • LDAP is the only supported way to centrally manage users and groups.
    • The deployer distributes all apps and permissions to search head cluster members. The deployer is a Splunk platform instance that stands outside the cluster. The deployer cannot run on the same instance as another cluster member. See Parts of a search head cluster in the Distributed Search manual.

Prerequisites

Before you deploy ITSI to a search head cluster, make sure your Splunk platform deployment includes:

    • An existing search head cluster, including a minimum of three search heads, any number of search peers (indexers), and a deployer server. See Deploy a search head cluster in the Distributed Search manual.
    • An LDAP server. For information on setting up your LDAP server in Splunk Enterprise, see Configure LDAP with Splunk Web in Securing Splunk Enterprise.

Install the Continuous Delivery Module on the deployer

Install the Continuous Delivery Module on the deployer in the shcluster/apps directory.

  1. Create a temporary directory for unzipping the data.
  2. Move the splunk-itsi-module-for-continuous-delivery_<number>.tgz file to this directory.
  3. Extract the installation file.
  4. Copy all files included in the installation package from the temp location to $SPLUNK_HOME/etc/shcluster/apps/. For example:
    mkdir /tmp/itsi
    mv splunk-itsi-module-for-continuous-delivery_<number>.tgz /tmp/itsi
    cd /tmp/itsi
    tar -xvf splunk-itsi-module-for-continuous-delivery_<number>.tgz
    cp -R * $SPLUNK_HOME/etc/shcluster/apps/
    

Deploy the configuration bundle to the cluster

The next step is to push the configuration bundle from the deployer to search head cluster members.

Caution: Do not deploy a bundle from any instance other than the deployer. Running the apply shcluster-bundle command on a non-deployer instance, such as a cluster member, will delete all existing apps and user generated content on all search head cluster members!

  1. On the deployer, under $SPLUNK_HOME/etc/shcluster/apps, create a subdirectory auth_itsi/local.
    cd $SPLUNK_HOME/etc/shcluster/apps
    mkdir auth_itsi/local
    
  2. Copy the authentication.conf file from $SPLUNK_HOME/etc/system/local/ to $SPLUNK_HOME/etc/shcluster/apps/auth_itsi/local.
    cd $SPLUNK_HOME/etc/system/local/
    cp authentication.conf $SPLUNK_HOME/etc/shcluster/apps/auth_itsi/local
    
  3. Run the splunk apply shcluster-bundle command on the deployer.
    splunk apply shcluster-bundle -target <URI>:<management_port> -auth <username>:<password>
    


    The -target parameter (required) specifies the URI and management port for any member of the cluster. For example: https://10.0.1.14:8089. Though you specify a single cluster member only, the deployer pushes the URI and management port to all members.
    The -auth parameter specifies credentials for the deployer instance. This pushes everything contained in the shcluster/ directory (including the ITSI app, all SAs, and the LDAP configuration) from the deployer to each search head cluster member.

For user access controls to work properly across the search head cluster, the same user with the same roles or capabilities must exist on all search heads. To do this, you can use authentication.conf to push the LDAP configuration to each cluster member (as described in the previous section), or manually copy the LDAP configuration to each search head cluster member.

For more information, see Deploy a configuration bundle in the Distributed Search manual.

Configure search head cluster members to forward data

It is considered a best practice to forward data from search heads to the indexer layer. For instructions on how to configure search head cluster members to forward data, see Forward data from search head cluster members in the Distributed Search manual.

Propagate modular inputs for CSV import to a cluster

If you save a modular input for CSV import on a search head, the modular input applies to that search head only. To propagate the modular input to other search heads in the cluster, you must use the deployer. For more information, see Create a modular input for CSV import in this manual.

Last modified on 05 August, 2019
About the Splunk ITSI Module for Continuous Delivery   Configure the ITSI Module for Continuous Delivery

This documentation applies to the following versions of Splunk® ITSI Module for Continuous Delivery: 1.0.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters