Splunk® Enterprise

Admin Manual

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

App deployment overview

This topic provides an overview of the methods you can use to deploy Splunk apps and add-ons in common Splunk software environments.

For more detailed app and add-on deployment information, see your specific Splunk app documentation, or see "Where to install Splunk add-ons" in the Splunk Add-ons manual.


You must have an existing Splunk platform deployment on which to install Splunk apps and add-ons.

Deployment methods

There are several ways to deploy apps and add-ons to the Splunk platform. The correct deployment method to use depends on the following characteristics of your specific Splunk software deployment:

  • Deployment architecture (single-instance or distributed)
  • Cluster types (search head clusters and/or indexer clusters)
  • Location (on-premise or in Splunk Cloud)

Deployment architectures

There are two basic Splunk Enterprise deployment architectures:

  • Single-instance deployment: In a single-instance deployment, one Splunk Enterprise instance acts as both search head and indexer.
  • Distributed deployment: A distributed deployment can include multiple Splunk Enterprise components, including search heads, indexers, and forwarders. See "Scale your deployment: Splunk Enterprise components" in the Distributed Deployment Manual. A distributed deployment can also include standard individual components and/or clustered components, including search head clusters, indexer clusters, and multi-site clusters. See "Distributed Splunk Enterprise overview" in the Distributed Deployment Manual.

Single-instance deployment

To deploy an app on a single instance, download the app from Splunkbase to your local host, then install the app using Splunk Web.

Some apps currently do not support installation through Splunk Web. Make sure to check the installation instructions for your specific app prior to installation.

Distributed deployment

You can deploy apps in a distributed environment using the following methods:

  • Install apps manually on each component using Splunk Web, or install apps manually from the command line.

Alternately, you can deploy apps using a third-party configuration management tool, such as:

  • Chef
  • Puppet
  • Salt
  • Windows configuration tools

For the most part, you must install Splunk apps on search heads, indexers, and forwarders. To determine the Splunk Enterprise components on which you must install the app, see the installation instructions for the specific app.

Deploy apps to clusters

Splunk distributed deployments can include these cluster types:

You deploy apps to both indexer and search head cluster members using the configuration bundle method.

Search head clusters

To deploy apps to a search head cluster, you must use the deployer. The deployer is a Splunk Enterprise instance that distributes apps and configuration updates to search head cluster members. The deployer cannot be a search head cluster member and must exist outside the search head cluster. See "Use the deployer to distribute apps and configuration updates" in the Distributed Search manual.

Caution: Do not deploy a configuration bundle to a search head cluster from any instance other then the deployer. If you run the apply schcluster-bundles command on a non-deployer instance, such as a cluster member, the command deletes all existing apps and user-generated content on all search head cluster members!

Indexer clusters

To deploy apps to peer nodes (indexers) in an indexer cluster, you must first place the apps in the proper location on the indexer cluster master, then use the configuration bundle method to distribute the apps to peer nodes. You can apply the configuration bundle to peer nodes using Splunk Web or the CLI. For more information, see "Update common peer configurations and apps" in Managing Indexers and Clusters of Indexers.

While you cannot use the deployment server to deploy apps to peer nodes, you can use it to distribute apps to the indexer cluster master. For more information, see "Use deployment server to distribute apps to the master" in Managing Indexers and Clusters of Indexers.

Deploy apps to Splunk Cloud

If you want to deploy an app or add-on to Splunk Cloud, contact Splunk support for guidance. The support team can deploy the app or add-on on components of the deployment that are not exposed to Splunk Cloud subscribers.

Deploy add-ons to Splunk Light

You can install and enable a limited selection of add-ons to configure new data inputs on your instance of Splunk Light. See "Configure an add-on to add data" in the Getting Started Manual for Splunk Light.

Where to get more apps and add-ons
App architecture and object ownership

This documentation applies to the following versions of Splunk® Enterprise: 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters