Deployment Server on Linux (CentOS)

New Member

Anybody doing this on-prem or preferably AWS?

How did you start? Did you follow these steps below?

1: Stand Up a new Search Head to use as DS.
2: Put at least 1 app in $SPLUNK_HOME/etc/deployment-apps/
3: Create a serverclass.conf file on the DS (put your forwarder and app details in there).
4: Deploy a properly configured deploymentclient.conf file to at least 1 forwarder and restart Splunk there.

0 Karma

Esteemed Legend

That is exactly how I do it. I put it here: /opt/splunk/etc/system/local/serverclass.conf and configure it so that it cannot be edited (read-only) on the GUI.

0 Karma

New Member

Thanks! Is the serverclass.conf created manually?

0 Karma

Esteemed Legend

Yes, and it is the ONLY configuration that I put in that directory. Everything else, including the deploymentclient.conf should be inside of an app that YOU control in the $SPLUNK_HOME/etc/deployment-apps/ directory.

0 Karma
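
The layout described in the replies above, written out as an added example (not posted by anyone in this thread): serverclass.conf in system/local on the deployment server, and deploymentclient.conf inside an app under deployment-apps. The server class name, app name and hostname are constructed placeholders.

```ini
# --- On the deployment server ---
# File: $SPLUNK_HOME/etc/system/local/serverclass.conf
# "all_forwarders" is a constructed server class name.
[serverClass:all_forwarders]
# Matches every client that phones home; restrict to hostnames or IPs as needed.
whitelist.0 = *

# Maps the directory $SPLUNK_HOME/etc/deployment-apps/org_all_deploymentclient
# (constructed app name) to the server class above.
[serverClass:all_forwarders:app:org_all_deploymentclient]
stateOnClient = enabled
restartSplunkd = true

# --- Inside that app on the deployment server ---
# File: $SPLUNK_HOME/etc/deployment-apps/org_all_deploymentclient/local/deploymentclient.conf
[deployment-client]

[target-broker:deploymentServer]
# ds.example.com is a placeholder; 8089 is the default management port.
targetUri = ds.example.com:8089
```

A forwarder still needs a first copy of deploymentclient.conf placed on it before it can phone home (step 4 in the question). After editing serverclass.conf, `splunk reload deploy-server` makes the deployment server re-read it.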

SplunkTrust
  1. build server (AWS or wherever, doesn't make any difference)
  2. install Splunk Enterprise
  3. go to forwarder mgmt link
  4. think about how you want to manage your apps
  5. make a couple serverclasses based on how you group your apps
  6. add deploymentclient.conf file to a couple systems from a few serverclasses
  7. take it for a test drive

For example, I used to have serverclasses based on which systems needed inputs vs props, which systems needed indexes vs not, which systems needed forwarding vs not, which systems needed a WebUI enabled vs not, etc.

New Member
  1. add deploymentclient.conf file to a couple systems from a few serverclasses

Is this config file automatically shown under /etc/ by default?

I wasn't sure about your last statement about inputs vs props; what do you mean by props?

If your systems need indexes vs not, if they're not indexed then why do you have logs going into Splunk?

Thanks!!

0 Karma