Deployment Architecture

Deployment Server / Client Setup

tmarlette
Motivator

I am trying to setup a deployment server on an indexer that we are using.

So far, this is what I have done:

On the server:
/opt/splunk/etc/system/local/serverclass.conf

[serverClass:global]
whitelist.0=*

[serverClass:windows]
filterType = whitelist
repositoryLocation = /opt/splunk/etc/deployment-apps
whitelist.0 = *..com

[serverClass:windows:app:windows]
stationClient=enabled
restartSplunkd=true

On the deployment Client:

C:\program files\splunkuniversalforwarder\etc\system\local\deploymentclient.conf

[deployment-client]
disabled = false
serverEndpointPolicy = acceptAlways
phoneHomeIntervalInSecs = 30

[serverClass:windows:app:windows]
statOnClient=enabled
restartSplunkd=True

[target-broker:deploymentServer]
targetUri = splunk01..com:8089

I am not able to see my client on the deployment server when I do /opt/splunk/bin/ ./splunk list deploy-server

I have also tried the 'set deploy-poll :' command on the client as well, however it keeps asking me for a login and when I try my standard admin username and PW for the indexer/deploy-server it doesn't authenticate.

What am I doing wrong?

0 Karma
1 Solution

rgcurry
Contributor

Use this command to list your deployment clients:

./splunk list deploy-clients | grep hostname:

to list out only the hostname of your clients. Leave off the grep portion to see all the data the Deployment Server has on your deployment clients.

If you are on a Windows system, use this version of the above:

splunk list dpeloy-clients | find -I "hostname:"

View solution in original post

jensenh1999
New Member

splunk list deploy-clients | find -I "hostname:" Does not work on Windows

Correct syntax is

splunk list deploy-clients | find /I "hostname:"

0 Karma

tmarlette
Motivator

At long last, I have found my issue, and to make a long story short, it wasn't this question at all, it was an SSL certificate error.

I needed to turn on the SSL encryption on the indexer before any forwarder would begin talking to it.

The above commands work wonderfully to scrub the clients that are speaking to the deployment server after it's setup.

rgcurry
Contributor

Use this command to list your deployment clients:

./splunk list deploy-clients | grep hostname:

to list out only the hostname of your clients. Leave off the grep portion to see all the data the Deployment Server has on your deployment clients.

If you are on a Windows system, use this version of the above:

splunk list dpeloy-clients | find -I "hostname:"
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...