The instructions say to create directories on the deployment server, but I don't have access to the deployment server as far as I can tell. I chose a bad name when I first set the trial up, and now I cannot figure out how to create a deployment app with the name I really want.
"5. On the deployment server's file system, create directories for the deployment apps that will hold the content you plan to distribute to clients. Put the app content into those directories, either now or later. Refer to "Create deployment apps" for details. You can add more deployment apps later."
If you are running in Splunk Cloud, then you cannot do it because you cannot access CLI. Even if you could, it would be WAY too much useless traffic and cost you extra. I see no advantages and plenty of downsides. Just get a spare server that you have laying around your data center or lab, make it a Search Head and use it as your DS. What is wrong with that plan?
If you are running in Splunk Cloud, then you cannot do it because you cannot access CLI. Even if you could, it would be WAY too much useless traffic and cost you extra. I see no advantages and plenty of downsides. Just get a spare server that you have laying around your data center or lab, make it a Search Head and use it as your DS. What is wrong with that plan?
Isn't that missing the point of a cloud offering? We don't want to manage anything.
You need to manage the apps that you desire to deploy (you really cannot offload that responsibility). Go ahead and spin up your own separate DS on a server in the free AWS tier if you like but there is NO WAY Splunk is ever going to give anybody CLI on any Cloud Splunk instance.
Do this:
1: Login CLI to your Deployment Server.
2: Go to $SPLUNK_HOME/etc/
3: if a directory called deployment-apps
does not exist, create one.
4: Take the app that you have already built or downloaded, which resides in $SPLUNK_HOME/etc/apps/MyApp/
on one of your Search Heads and move it onto your Deployment Server as $SPLUNK_HOME/etc/deployment-apps/MyApp/
.
That's it. You now have created a deployment app.
This is Splunk Light running in Splunk's cloud, how do I CLI into the deployment server?
Good point. Splunk cloud will not let you get to CLI! That is a problem!
Sorry, I should have been much more explicit in my question. It gets a little confusing talking about Splunk Light and Splunk Cloud these days.
No, that is my fault. When I read Light
, I thought Cloud
because Cloud
will not let you get to CLI. For Light
, you just do it. There is nothing preventing you from accessing CLI. I do not understand your trouble there.
Well, not to confuse things any further... I am running Splunk Light Cloud Service 15-day trial. Nothing on-prem here at all. https://www.splunk.com/getsplunk/light_trial
It is not a good idea for you to use a Search Head in AWS as your Deployment Server. I see no advantages and plenty of downsides. Just get a spare server that you have laying around your data center or lab, make it a Search Head and use it as your DS. What is wrong with that plan?
Search Head? Deployment Server? None of these are exposed to me when running on Splunk's cloud offering as far as I can tell. For now I just manually dropped the necessary inputs.conf here on all of my forwarding machines (running under AWS) and restarted the forwarder service.
C:\Program Files\SplunkUniversalForwarder\etc\apps{appname}\local
I'm getting the data I need now, and skipped using the deployment server method altogether.
What instructions are you looking at? Can you provide a link to these instructions, and I can look into providing you with more information. Thanks!
That quote above specifically is from this page:
h t t p :// docs.splunk.com/Documentation/Splunk/6.4.2/Updating/Planadeployment
But similar instructions are here:
h t t p :// docs.splunk.com/Documentation/Splunk/6.4.2/Updating/Createdeploymentapps
We are working with a 15 day trial of Splunk light. The Forwarder Management menu item seems like it gets closest to the area I want, but I just can't figure out how to create a new app. I tried creating a directory under $SPLUNK_HOME/etc/deployment-apps on one of the Windows machines with the Universal Forwarder installed, but just hit a dead end. I think the instructions I'm seeing are for on prem or enterprise or something other than what I'm working with.
I'm sort of coming to the conclusion that I should deploy the conf files myself via script or something to all of my forwarders. I just can't figure out the deployment server, it seems very limited in it's "light" implementation. Hoping I'm missing something.