Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can a deployment client subscribe to an app?

echalex
Builder
‎10-09-2012 12:02 AM

Hi,

We are using the deployment server to distribute configuration to universal forwarders. Since we are using chef to install the forwarders, it would be very good if we could add the forwarder to a serverclass from the forwarder host itself, rather than doing this at the deployment server.

Any suggestions on doing this. Preferrably, it should be scriptable. With that I mean either a CLI command to run on the forwarder, or some way to do it through the REST API.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎10-09-2012 06:07 AM

there is a way to achieve this.
The deploymentclient.conf on the client has a parameter clientName that can be used to replace the ip and hostname used to match the whitelist/blacklist in the server serverclass.conf

see http://docs.splunk.com/Documentation/Splunk/4.3.4/admin/Serverclassconf
and http://docs.splunk.com/Documentation/Splunk/4.3.4/admin/Deploymentclientconf

You could use define your classes with roles by example, and use chef to populate the clientName with a concatenation of the classes and hostname.

example :

[deployment-client]
clientName=myhostname-roleA-roleB

and on the serverclass

[myclassA]
whitelist=*roleA*
[myclassB]
whitelist=*roleB*

View solution in original post

Reply
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎10-09-2012 06:07 AM

there is a way to achieve this.
The deploymentclient.conf on the client has a parameter clientName that can be used to replace the ip and hostname used to match the whitelist/blacklist in the server serverclass.conf

see http://docs.splunk.com/Documentation/Splunk/4.3.4/admin/Serverclassconf
and http://docs.splunk.com/Documentation/Splunk/4.3.4/admin/Deploymentclientconf

You could use define your classes with roles by example, and use chef to populate the clientName with a concatenation of the classes and hostname.

example :

[deployment-client]
clientName=myhostname-roleA-roleB

and on the serverclass

[myclassA]
whitelist=*roleA*
[myclassB]
whitelist=*roleB*

Reply
Solved! Jump to solution

echalex
Builder
‎10-09-2012 08:50 AM

Yes, that's what I want, more or less. I guess the clientName solution is the closest thing, but it does require some preparation. OTOH, it is a sane approach which provides a kind of "menu" of distributable apps.

Do you know if there are any restrictions on length and characters contained?

0 Karma
Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎10-09-2012 07:28 AM

So you want to remotely edit the serverclass.conf on the deployment-server to add a whitelist item ?
I am not sure that there is a REST API for it.

0 Karma
Reply
Solved! Jump to solution

echalex
Builder
‎10-09-2012 07:24 AM

Thanks, but that doesn't really do what I want. (I know about clientName).

This solution requires the whitelists to be configured beforehand on the deployment server.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...