matthewmodestino
commented
1 year ago Looks like we may also need a server.conf file as well with this:
The following example shows how to update the server.conf file to enable replication of a custom configuration file, mycustomconf.conf, in a Splunk Cloud Platform or clustered Splunk Enterprise deployment:
[shclustering]
conf_replication_include.mycustomconf = truehttps://dev.splunk.com/enterprise/docs/developapps/manageknowledge/customconfigfiles/
Stjubit
Hey Julian!
Nice work on this alert action!
Wanted to reach out and mention that in Splunk Cloud, the app shows as "not supporting Search Head Clusters", which I believe is a simple as adding the option in the app manifest so that Cloud Self Service Install will allow it.
https://github.com/Stjubit/TA-alert_forwarder/blob/5c3e6adbf9c2e102b3c53291a796eb72d597eed9/TA-alert_forwarder/app.manifest#L46-L51
https://dev.splunk.com/enterprise/docs/releaseapps/packageapps/packagingtoolkit/#Supported-deployments-section
Probably worth only targeting Search Heads too..although probably not as important.
Technically, I can't think of any reason this alert action would have any issues running in SHC. Will try and test it using Splunk Operator when I get the chance.
Let me know if there's anything I can do to help or support you in adding this so more cloud users can use this awesome alert action!