Deployment Architecture

Deployment Server, No web port access. Remotely pull info?

JDukeSplunk
Builder

We have two deployment servers that live in DMZ's. For this reason I am not allowed access to the web port from my local system. The license server /Monitoring console does have access to both on 8089. Is there some way that I can run a search from the license server that would return results similar to the forwarder management screen?

I was playing around with

|rest /services/deployment/server/clients count=0 splunk_server=https://DMZDEPLOY1:8089

But this does not work.

I was also toying with the idea of putting in some cron jobs that output to files that would then be picked up by the indexers.. Like

/opt/splunk/bin/splunk list deploy-clients

However, I don't know how I would get around the authentication piece of this. Plus I don't like posting passwords in clear text in a cron job..

Any thoughts?

0 Karma

sbbadri
Motivator

Try below app from splunk base:

https://splunkbase.splunk.com/app/1607/#/details

I hope this helps.

0 Karma

bmacias84
Champion

Yes, you can either use the API to get this information or enable remote CLI (disabled by default i believe).

You will need to make sure the admin password is changed and that you have enabled remoteCLI in the config.
https://docs.splunk.com/Documentation/Splunk/6.6.2/Admin/AccessandusetheCLIonaremoteserver

The other options is to write your own script using bash with curl or some python.
http://docs.splunk.com/Documentation/Splunk/6.6.2/RESTREF/RESTdeploy

Nope:
Your first example will only work if your deployment server is a search peer of the search head.

| rest /services/deployment splunk_server=mySplunkServer

mySplunkServer should be typed as shown is splunk_server in interesting fields

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

As a followup to @bmacias84 comment, you need to have access to the REST/Management endpoint on both those hosts in the DMZ in order to use REST based commands, or any of the API related SDKs. Out of the box this is TCP/8089.

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...