- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: Best practice to give deployment server detail...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Best practice to give deployment server detail in universal forwarders
Hi,
In my enterprise I am adding 50+ universal forwarders.
But give deployment server information what is best practice. Give DS details at Universal forwarder installation time or adding deploymentclient.conf under system/local folder ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
use a dns alias for references to deployment server name wherever possible to maximize flexibility down the road
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please can you put more light on this by example or tutorial ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you plan on creating a new deployment server in the future with a different IP, or you plan to create a multiple deployment server set up in the future, or if you just want more control from your deployment server, then you should not put the deploymentclient.conf file in the system\local folder because you can't change that from the centrally managed deployment server. In this case, you want to move or create the deploymentclient.conf file in a new folder in the splunk\etc\apps\ directory - make sure you use the same folder name on all like clients because it can managed by the deployment server.
If there is no chance that the IP of the deployment server will change, or it is not a very big deal to change the deploymentclient.conf one server at a time then configure the deployment server at install time in the default location, and let it run.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The deploymentclient.conf will be read on restart of the forwarder (splunkd) service. You will need to remove the deploymentclient.conf from the system\local folder if one exists.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes I am preferring your first option. But deploymentclient.conf in app folder we can add through deployment server itself (creating folder inside deployment-app folder). So at first to register client with deployment server how we can do that ?
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
