How can we handle deletions from serverclass.conf?

ddrillic · ‎05-30-2019

When our automated process detects a server which got retried, we would like to to remove this server from the serverclass.conf file.

However we are not sure how to mark easily this server as out in serverclass.conf -

We have, let's say -

[serverClass:test]

whitelist.0 = serverA
whitelist.1 = serverB
whitelist.2 = serverC
whitelist.3 = serverD

So, serverC got retired, for example. Can we simply comment it? meaning, is it allowed to skip numbers?

[serverClass:test]

whitelist.0 = serverA
whitelist.1 = serverB
#whitelist.2 = serverC
whitelist.3 = serverD

Or maybe mark it as a dummy

[serverClass:test]

whitelist.0 = serverA
whitelist.1 = serverB
whitelist.2 = dummy - non existent server name
whitelist.3 = serverD

ddrillic · ‎05-30-2019

A colleague said -

-- I just finished testing several different versions of Splunk to understand how the deployment server behaves when the sequential number breaks and starting from 6.4, the numbers can definitely be non-consecutive. Versions prior to 6.4 did not like any breaks and would stop evaluating the severclass once the sequence changed.

ddrillic · ‎05-30-2019

Our SE said -

From the serverclass.conf docs page -

whitelist.<n> = <clientName> | <IP address> | <hostname> | <instanceId>
blacklist.<n> = <clientName> | <IP address> | <hostname> | <instanceId>

'n' is an unsigned integer. The sequence may start at any value and may be non-consecutive.

How can we handle deletions from serverclass.conf?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor