Splunk® Enterprise

Updating Splunk Enterprise Instances

Download manual as PDF

Download topic as PDF

Protect content during app updates

You can protect specified files or directories from being overwritten during app updates. If you enable this feature, the deployment client copies the content the first time that it downloads the app but, on future updates of the app, it instead merges any matched content into its default directory. This can be particularly useful for preventing the contents of the /local directory on the deployment client from getting wiped out or overwritten on update.

This feature requires that both the deployment server and its deployment clients run version 6.3 or higher.

To use this feature, set the excludeFromUpdate attribute in serverclass.conf on the deployment server.

For example, say that you want to prevent app updates from overwriting my-app's /local directory. Assume the app has the typical directory structure:

my-app/
   default/
   local/
       some-conf.conf
       ...

To protect the content of the /local directory from updates, place the attribute excludeFromUpdate in the my-app stanza of serverclass.conf:

[serverClass:my-class:app:my-app]
excludeFromUpdate = $app_root$/local

When the deployment client downloads the app for the first time, it copies the /local directory and its contents. On subsequent downloads, it merges the content of the/local directory into the default directory on the client. Any content already in /local directory on the client remains there.

Note the following:

  • You must use $app_root$ to specify the app root directory.
  • You can protect single files or entire directories.
  • You can specify excludeFromUpdate at any of the three stanza levels: global, server class, or app. If you specify it at the global level, for example, it takes effect for all apps.
PREVIOUS
Deploy apps to clients
  NEXT
View app deployment status

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.3.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters