Deployment Architecture

Host-specific files with Deployment Server

Builder

Hi. After getting tired of managing 20 individual lightforwarders and one indexer, I've decided to make use of the Deployment Server feature of Splunk.

I have a question, however. I want to be able to push out an inputs.conf file to all forwarders as it contains fschange configuration information. However, the inputs.conf file on the lightforwarders should also contain the following stanza:

[default] host = foo

We do need to specify the hostname in there (we prefer to override using short names in Splunk, not the FQDN).

Is there a way to work with this within the Deployment server? I don't want to have to create a serverclass for every single host; that would defeat the purpose, right?

Any suggestions would be appreciated!

Motivator

Are you intending to have the fschange configuration in etc/system/local/inputs.conf? I've always seen the inputs.conf get created with the shortname already. Put everything else in a different file.

0 Karma

Splunk Employee
Splunk Employee

No, there's no way to push out individual files, or to define a variable in inputs.conf that will be server specific.

The only real solution here is to update the $SPLUNK_HOME/etc/system/local/inputs.conf at install time. That gets created with the localhost as the default host name initially, so if you add a step to your install process/script you should be all squared away.

I'll also suggest the idea of variables to the Dev team and see if there's any way we can add this capability in a future release

Communicator

While this solution works, it may not be ideal.

Every Splunk environment is different; I help run a centralized Splunk service for over 100 local I.T. shops within our organization. Outside of the servers that Splunk runs on, I have no access to those servers so I have to send instructions to one of 100+ administrators. Thus we try to do EVERYTHING with the deployment server and have no local configuration files (we go so far as pushing an app with a deploymentclient.conf so once they've checked in they can just have the client name string in $SPLUNK_HOME/etc/system/local/deploymentclient.conf This let's us move our deployment server if we ever need.

So in our environment we would create a new app and then manually edit the serverclass.conf and use whitelist to control which hosts it went to. The key is our deployment client names are fwd__ so its easy for us to limit who gets what (even when we have host name collisions between different groups).

0 Karma

Motivator

Hi Mick what did the dev team say about having variables in the config files?

0 Karma

Builder

Makes sense. Thank you very much for your response!

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!