Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you assign multiple serverclasses to one server?

CaptainHook
Communicator
‎07-22-2016 12:22 PM

We have a serverclass set up to ingest WinEventLog:Security logs for multiple servers (contains a blacklist for account names and ID's). The consumer is looking to add the WinEventLog:Directory Service logs for only (1) of the servers.

Would we be able to accomplish this by having (2) server classes assigned to the one server? Or, is there a best practice solution for this type of scenario?

Thank you in advance for any guidance.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎07-22-2016 12:36 PM

I would create a new serverClass for WinEvenLog:Directory monitoring app/server, to reduce the complexity. One server can be part of multiple serverClass.

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎07-22-2016 12:36 PM

I would create a new serverClass for WinEvenLog:Directory monitoring app/server, to reduce the complexity. One server can be part of multiple serverClass.

Reply
Solved! Jump to solution

sloshburch
Splunk Employee
Splunk Employee
‎07-25-2016 08:10 AM

Agreed. Bottom line: yes, you can have servers mapped to various serverclasses. In fact, you SHOULD do it this way to more easily manage.

0 Karma
Reply
Solved! Jump to solution

CaptainHook
Communicator
‎07-22-2016 12:51 PM

Okay, that is what I was doing. I created a secondary serverclass just for WinEventLog: Directory Service and was going to add that only to the client that they want additional logs from. I believe we're saying the same thing, correct?.

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎07-22-2016 12:55 PM

I would create a new serverclass just for WInEventLog:Directory, add just that single client as it's member. Than I will create an data input app to just monitor WInEventLog:Directory and assign that app to this server class.
We've three elements here
serverClass----Member servers
|__Apps to be deployed

Reply
Solved! Jump to solution

CaptainHook
Communicator
‎07-22-2016 01:01 PM

Okay, that;s what I was thinking...thank you for confirming.

0 Karma
Reply
Get Updates on the Splunk Community!

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

At .conf25, Splunk proudly recognized Fast Lane as the 2025 Authorized Learning Partner of the Year. This ...

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...