Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Deployment Server Separate from Heavy Forwarder

damo66a
Explorer
‎04-29-2021 03:33 AM

Hi everyone, 

 

Our deployment consists of an on prem deployment server, on prem heavy forwarder and Splunk Cloud. 

Is there a way of getting our separate Heavy Forwarder to recognise our deployment server, specifically so we can configure file inputs on the heavy forwarder using the deployment clients. 

I know they can be one in the same but we chose to have separate servers for operational reasons. Appreciate anyone's view/help

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

aasabatini
Motivator
‎04-29-2021 04:15 AM

Hi @damo66a 

the deployment server can manage any splunk instance

anyway to configure the deployment server go on your HF and run this two comands

 

 

splunk set deploy-poll <IP_address/hostname>:<management_port>
splunk restart

 

 

 

next step,  go on your deployment server and check if is present your HF

aasabatini_0-1619694798517.png

next step create a new serverclass

aasabatini_1-1619694848606.png

on your new serverclass  add client and apps

aasabatini_2-1619694896033.png

 

 

 

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

View solution in original post

Reply
Solved! Jump to solution

aasabatini
Motivator
‎04-29-2021 03:56 AM

Hi @damo66a 

yes, you can manage your HF from the DS, you need to create a dedicate serverclass for the HF and you can push all the configurations.

please check the documentation

https://docs.splunk.com/Documentation/Splunk/8.1.3/Admin/Serverclassconf

 

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Reply
Solved! Jump to solution

damo66a
Explorer
‎04-29-2021 04:05 AM

thanks for the suggestion. 

ive looked over that link and cant see how it tells me to do that. my understanding of a deployment client is that you install the UF on the destination machine (auto configured by script) and it "dials home" to the deployment server, then we add it to a server class as needed. 

As ive already configured this server as a Heavy Forwarder, how would I go about adding it to a server class on the deployment server?

Also, My deployment server is a windows based machine, the heavy forwarder is linux based - not sure if that would have any baring at all. 

0 Karma
Reply
Solved! Jump to solution
Solution

aasabatini
Motivator
‎04-29-2021 04:15 AM

Hi @damo66a 

the deployment server can manage any splunk instance

anyway to configure the deployment server go on your HF and run this two comands

 

 

splunk set deploy-poll <IP_address/hostname>:<management_port>
splunk restart

 

 

 

next step,  go on your deployment server and check if is present your HF

aasabatini_0-1619694798517.png

next step create a new serverclass

aasabatini_1-1619694848606.png

on your new serverclass  add client and apps

aasabatini_2-1619694896033.png

 

 

 

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Reply
Solved! Jump to solution

damo66a
Explorer
‎04-29-2021 05:14 AM

that did it. thanks very much for your help

0 Karma
Reply
Get Updates on the Splunk Community!

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...

Enterprise Security Content Update (ESCU) | New Releases

In October, the Splunk Threat Research Team had one release of new security content via the Enterprise ...