Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Deployment Server, No web port access. Remotely pull info?

JDukeSplunk
Builder
‎07-17-2017 09:59 AM

We have two deployment servers that live in DMZ's. For this reason I am not allowed access to the web port from my local system. The license server /Monitoring console does have access to both on 8089. Is there some way that I can run a search from the license server that would return results similar to the forwarder management screen?

I was playing around with 

|rest /services/deployment/server/clients count=0 splunk_server=https://DMZDEPLOY1:8089

But this does not work.

I was also toying with the idea of putting in some cron jobs that output to files that would then be picked up by the indexers.. Like

/opt/splunk/bin/splunk list deploy-clients

However, I don't know how I would get around the authentication piece of this. Plus I don't like posting passwords in clear text in a cron job..

Any thoughts?

0 Karma
Reply

sbbadri
Motivator
‎07-17-2017 12:58 PM

Try below app from splunk base:

https://splunkbase.splunk.com/app/1607/#/details

I hope this helps.

0 Karma
Reply

bmacias84
Champion
‎07-17-2017 11:54 AM

Yes, you can either use the API to get this information or enable remote CLI (disabled by default i believe).

You will need to make sure the admin password is changed and that you have enabled remoteCLI in the config.
https://docs.splunk.com/Documentation/Splunk/6.6.2/Admin/AccessandusetheCLIonaremoteserver

The other options is to write your own script using bash with curl or some python.
http://docs.splunk.com/Documentation/Splunk/6.6.2/RESTREF/RESTdeploy

Nope:
Your first example will only work if your deployment server is a search peer of the search head.

| rest /services/deployment splunk_server=mySplunkServer

mySplunkServer should be typed as shown is splunk_server in interesting fields

0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎07-17-2017 11:23 PM

As a followup to @bmacias84 comment, you need to have access to the REST/Management endpoint on both those hosts in the DMZ in order to use REST based commands, or any of the API related SDKs. Out of the box this is TCP/8089.

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...