Deployment Architecture

Change deployment server IP on clients

Navanitha
Path Finder

Hi,

I have bunch clients pointing to deployment server A, I need to make those clients to connect to deployment server B and not any more to DS A. Is there some way I achieve this through Splunk and not edit the configuration on server manually?

Thank you,
Navanitha G.

0 Karma

bernardoortega
Path Finder

What you need to do for that is the following:

1- When you first deploy your forwarders, create a folder on /opt/splunkforwarder/etc/apps/deployment-server  (for example). Create a local folder on that folder. Do this for all your deployments, you can create an script to create such app

2- Create the file deploymentclient.conf with the deployment server configuration on that local folder

3- On deployment server, you need to create an app with same name deployment-server/local/deploymentclient.conf

4- If you someday need to change all deployment servers IPs, just configure that file on deployment server and send the push, so all will have that changed

hope this helps

0 Karma

molinarf
Communicator

Thanks for the info.... With all the searching that I did, I never found anything that would say that you need to remove the /etc/system/local deploymentclient.conf file. It always said that it would overrule anything else that you try.

So, I do have an app with the appropriate file in it. I guess I just have to go into every UF client and delete the original one and then see how it behave. The first one is my computer to see how it works.

0 Karma

molinarf
Communicator

I created an app called deploymentclient and it has within it local/deploymentclient.conf.

With this set up, it seems to be working and so far my workstation is still talking to the deployment server.

Now when I start installing UFs on other systems, I will have to be aware of it. I just wish that there was a script to remove it from a host automatically.

Thanks again.

0 Karma

bernardoortega
Path Finder

just remember:

 

1- install a UF, create a folder like /opt/splunkforwarder/etc/apps/deployment_apps/local and put there the deploymentclient.conf with the settings

2- remove if any deploymentclient.conf file exist on /system/local

3- on deployment server, create the same APP name (deployment_app) and configure the settings needed. Then if tomorrow you need to make changed from deployment server to that config, you can do it. I.e replace deployment server, just need to change the settings to point to another one and make the magic...

 

hope it helps

0 Karma

richgalloway
SplunkTrust
SplunkTrust

It depends. If you follow best practices and put your .conf files in apps which you push to clients then it should be possible. Just update the deploymentclient app and wait for the clients to install it.

OTOH, if your only deploymentclient.conf file is in $SPLUNK_HOME/etc/system/local then you may be stuck doing manual configuration changes because apps cannot override the settings in etc/system/local.

Another option is to create a scripted input that edits $SPLUNK_HOME/etc/system/local/deploymentclient.conf. Push the script to the appropriate clients then delete the app once the task is complete.

---
If this reply helps you, Karma would be appreciated.
0 Karma

molinarf
Communicator

I have been trying to do this change for a few days. I understand putting the deploymentclient.conf in the /etc/apps folder, but how do I override the one in /etc/system/local directory? I am trying to migrate all my UFs to the new forwarder manager/distribution server, but am unsuccessful. I did manage to move two hosts, of course I had to reinstall the UF. I really want the others to move, without having to touch everything. I also just created new server classes on the new distribution server, rather than copy everything over.

I guess at this point, I would like to attack this using a scripted input that will edit $SPLUNK_HOME/etc/system/local/deploymentclient.conf. I just don't know how to accomplish this. Any assistance would be greatly appreciated. Thank you in advance.

0 Karma

bernardoortega
Path Finder

You need to remove the deploymentclient.conf from system/local via an script and use always the file on an app.. that way you can change the config anytime and also chamge the deployment server name/ ip if needed. When i install a new UF o always create it on a folder in /etc/apps and remove the local one

0 Karma

Shaik
New Member

Can we changed Server IP for windows clients as well ?

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Using app it should works on all client OSs. But if you need to use scripted inputs then it's probably different OS by OS (or at least *nix vs. Windows).

r. Ismo

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...