Deployment Architecture

Can a deployment client subscribe to an app?

echalex
Builder

Hi,

We are using the deployment server to distribute configuration to universal forwarders. Since we are using Chef to install the forwarders, it would be very good if we could add the forwarder to a serverclass from the forwarder host itself, rather than doing this at the deployment server.

Any suggestions on doing this? Preferably, it should be scriptable. By that I mean either a CLI command to run on the forwarder, or some way to do it through the REST API.

1 Solution

yannK
Splunk Employee

There is a way to achieve this.
The deploymentclient.conf on the client has a parameter clientName that can be used to replace the IP and hostname used to match the whitelist/blacklist in the server's serverclass.conf.

see http://docs.splunk.com/Documentation/Splunk/4.3.4/admin/Serverclassconf
and http://docs.splunk.com/Documentation/Splunk/4.3.4/admin/Deploymentclientconf

You could define your classes with roles, for example, and use Chef to populate the clientName with a concatenation of the classes and hostname.

Example:

[deployment-client]
clientName=myhostname-roleA-roleB

and on the serverclass

[myclassA]
whitelist=*roleA*
[myclassB]
whitelist=*roleB*
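
An added example, not part of the answer above and not Splunk or Chef code: a Ruby helper of the kind a Chef recipe could call to build clientName from a host's roles, plus a small matcher showing why a delimited whitelist such as `*-web-*` is tighter than `*web*`. The role list, the character rule and the `-` delimiter convention are assumptions, and the matcher only approximates `*` wildcard matching.

```ruby
# Added example. ALLOWED_ROLES and TOKEN are assumptions for illustration,
# not documented Splunk limits on clientName.
ALLOWED_ROLES = %w[web db cache].freeze # hypothetical "menu" of server classes
TOKEN = /\A[a-z0-9]+\z/                 # assumed safe charset: no '-', '*', spaces

# Build "<host>-<role>-<role>-". Every role ends up wrapped in '-' and the
# hostname is stripped of '-', so "-web-" can only come from a real role token.
def build_client_name(hostname, roles)
  host = hostname.downcase.split('.').first.to_s.gsub(/[^a-z0-9]/, '')
  raise ArgumentError, 'empty hostname' if host.empty?

  roles = roles.map(&:downcase).uniq.sort
  bad = roles.reject { |r| r.match?(TOKEN) && ALLOWED_ROLES.include?(r) }
  raise ArgumentError, "rejected role(s): #{bad.join(', ')}" unless bad.empty?

  ([host] + roles).join('-') + '-'
end

# Render the client-side stanza shown in the answer.
def render_deploymentclient_conf(client_name)
  "[deployment-client]\nclientName=#{client_name}\n"
end

# Approximate whitelist matching: '*' matches any run of characters,
# everything else is literal and the whole name must match.
def whitelisted?(pattern, client_name)
  body = pattern.split('*', -1).map { |part| Regexp.escape(part) }.join('.*')
  Regexp.new("\\A#{body}\\z").match?(client_name)
end

if __FILE__ == $PROGRAM_NAME
  name = build_client_name('app01.example.com', %w[web db]) # constructed input
  puts render_deploymentclient_conf(name)

  decoy = build_client_name('web01', %w[db])                # hostname contains "web"
  puts "*web*   matches #{decoy}: #{whitelisted?('*web*', decoy)}"
  puts "*-web-* matches #{decoy}: #{whitelisted?('*-web-*', decoy)}"
end
```

Because clientName is set on the client, class membership under this scheme is whatever the client claims; the delimited pattern prevents accidental matches, not a host deliberately naming a role it should not have.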


echalex
Builder

Yes, that's what I want, more or less. I guess the clientName solution is the closest thing, but it does require some preparation. OTOH, it is a sane approach which provides a kind of "menu" of distributable apps.

Do you know if there are any restrictions on length and characters contained?


yannK
Splunk Employee

So you want to remotely edit the serverclass.conf on the deployment server to add a whitelist item?
I am not sure that there is a REST API for it.


echalex
Builder

Thanks, but that doesn't really do what I want. (I know about clientName).

This solution requires the whitelists to be configured beforehand on the deployment server.
