Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Deployment Server, No web port access. Remotely pull info?

JDukeSplunk
Builder
‎07-17-2017 09:59 AM

We have two deployment servers that live in DMZ's. For this reason I am not allowed access to the web port from my local system. The license server /Monitoring console does have access to both on 8089. Is there some way that I can run a search from the license server that would return results similar to the forwarder management screen?

I was playing around with 

|rest /services/deployment/server/clients count=0 splunk_server=https://DMZDEPLOY1:8089

But this does not work.

I was also toying with the idea of putting in some cron jobs that output to files that would then be picked up by the indexers.. Like

/opt/splunk/bin/splunk list deploy-clients

However, I don't know how I would get around the authentication piece of this. Plus I don't like posting passwords in clear text in a cron job..

Any thoughts?

0 Karma
Reply

sbbadri
Motivator
‎07-17-2017 12:58 PM

Try below app from splunk base:

https://splunkbase.splunk.com/app/1607/#/details

I hope this helps.

0 Karma
Reply

bmacias84
Champion
‎07-17-2017 11:54 AM

Yes, you can either use the API to get this information or enable remote CLI (disabled by default i believe).

You will need to make sure the admin password is changed and that you have enabled remoteCLI in the config.
https://docs.splunk.com/Documentation/Splunk/6.6.2/Admin/AccessandusetheCLIonaremoteserver

The other options is to write your own script using bash with curl or some python.
http://docs.splunk.com/Documentation/Splunk/6.6.2/RESTREF/RESTdeploy

Nope:
Your first example will only work if your deployment server is a search peer of the search head.

| rest /services/deployment splunk_server=mySplunkServer

mySplunkServer should be typed as shown is splunk_server in interesting fields

0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎07-17-2017 11:23 PM

As a followup to @bmacias84 comment, you need to have access to the REST/Management endpoint on both those hosts in the DMZ in order to use REST based commands, or any of the API related SDKs. Out of the box this is TCP/8089.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...