Host-specific files with Deployment Server

Branden
Builder

Hi. After getting tired of managing 20 individual lightforwarders and one indexer, I've decided to make use of the Deployment Server feature of Splunk.

I have a question, however. I want to be able to push out an inputs.conf file to all forwarders as it contains fschange configuration information. However, the inputs.conf file on the lightforwarders should also contain the following stanza:

[default]
host = foo

We do need to specify the hostname in there (we prefer to override using short names in Splunk, not the FQDN).

Is there a way to work with this within the Deployment server? I don't want to have to create a serverclass for every single host; that would defeat the purpose, right?

Any suggestions would be appreciated!

mikelanghorst
Motivator

Are you intending to have the fschange configuration in etc/system/local/inputs.conf? I've always seen the inputs.conf get created with the shortname already. Put everything else in a different file.

0 Karma

Mick
Splunk Employee

No, there's no way to push out individual files, or to define a variable in inputs.conf that will be server specific.

The only real solution here is to update the $SPLUNK_HOME/etc/system/local/inputs.conf at install time. That gets created with the localhost as the default host name initially, so if you add a step to your install process/script you should be all squared away.

I'll also suggest the idea of variables to the Dev team and see if there's any way we can add this capability in a future release.
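
The install-time step suggested in the answer above, as an added example that is not part of the original thread or Splunk's own tooling. The function name, the `--apply` flag and the default `SPLUNK_HOME` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): install-time step that pins the
# [default] host in the forwarder's local inputs.conf to the short hostname.

# Assumption: forwarder install path; override via the environment.
SPLUNK_HOME=${SPLUNK_HOME:-/opt/splunkforwarder}

# set_default_host FILE NAME: make "host = NAME" the only host setting in
# [default]; host lines in other stanzas are left alone. Safe to re-run.
set_default_host() {
    conf=$1 name=$2
    # Accept only a plain short hostname (no dots, spaces or metacharacters).
    case $name in ''|*[!A-Za-z0-9-]*) return 2 ;; esac
    mkdir -p "$(dirname "$conf")" || return 1
    [ -f "$conf" ] || : > "$conf" || return 1
    tmp=$(mktemp) || return 1
    awk -v h="$name" '
        /^[ \t]*\[/ {                       # any stanza header
            in_default = ($0 ~ /^[ \t]*\[default\][ \t]*$/)
            print
            if (in_default && !seen) { print "host = " h; seen = 1 }
            next
        }
        in_default && /^[ \t]*host[ \t]*=/ { next }   # drop the old value
        { print }
        END { if (!seen) { print "[default]"; print "host = " h } }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are kept.
    cat "$tmp" > "$conf"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Run as "script --apply" (hypothetical flag) from the install process.
if [ "${1:-}" = "--apply" ]; then
    set_default_host "$SPLUNK_HOME/etc/system/local/inputs.conf" \
        "$(hostname | cut -d. -f1)"
fi
```

Because the function only touches `host` inside `[default]`, everything else (such as the fschange inputs) can still be pushed from the deployment server in a separate app.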

triest
Communicator

While this solution works, it may not be ideal.

Every Splunk environment is different; I help run a centralized Splunk service for over 100 local I.T. shops within our organization. Outside of the servers that Splunk runs on, I have no access to those servers, so I have to send instructions to one of 100+ administrators. Thus we try to do EVERYTHING with the deployment server and have no local configuration files (we go so far as pushing an app with a deploymentclient.conf so once they've checked in they can just have the client name string in $SPLUNK_HOME/etc/system/local/deploymentclient.conf). This lets us move our deployment server if we ever need to.

So in our environment we would create a new app and then manually edit the serverclass.conf and use whitelist to control which hosts it went to. The key is our deployment client names are fwd__ so it's easy for us to limit who gets what (even when we have host name collisions between different groups).

0 Karma

chris
Motivator

Hi Mick, what did the dev team say about having variables in the config files?

0 Karma

Branden
Builder

Makes sense. Thank you very much for your response!

0 Karma