Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I make changes to server.conf?

brent_weaver
Builder
‎08-31-2017 10:52 AM

I need to make some changes and Splunk proServe tells me that I can use the deployment server to make this change. How is this done outside of the ../etc/systemp/local/ dir? Bundle it in an app? If so what about precedence?

Any guidance is appreciated!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎08-31-2017 05:33 PM

Any configuration in $SPLUNK_HOME/etc/system/local/ is GOD and cannot be overridden by anything in $SPLUNK_HOME/etc/apps/ (the stuff that is pulled in from the Deployment Server). You have to migrate that stuff out of $SPLUNK_HOME/etc/system/local/ first (it never should have been put there).

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎08-31-2017 05:33 PM

Any configuration in $SPLUNK_HOME/etc/system/local/ is GOD and cannot be overridden by anything in $SPLUNK_HOME/etc/apps/ (the stuff that is pulled in from the Deployment Server). You have to migrate that stuff out of $SPLUNK_HOME/etc/system/local/ first (it never should have been put there).

0 Karma
Reply
Solved! Jump to solution

brent_weaver
Builder
‎09-05-2017 05:09 AM

OK this is exactly what I thought, I appreciate your time!
Thanks everyone.

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎08-31-2017 11:16 AM

yes you will bundle configurations in an app.
splunk configuration precedence is*:
1. System local directory -- highest priority
2. App local directories
3. App default directories
4. System default directory -- lowest priority

hope it helps

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎08-31-2017 11:15 AM

Interesting thing. For /opt/splunk/etc/system/local/server.conf on the SH, for example, I make the changes on each SH and bounce each one. The deployment server only deploys to the forwarders...

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎08-31-2017 11:28 AM

the deployment server can deploy to any non-clustered splunk instance
Indexer, Search Head, Heavy Forwarder and more
also, it can not deploy to itself

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...