How do I make changes to server.conf?

brent_weaver
Builder

I need to make some changes and Splunk proServe tells me that I can use the deployment server to make this change. How is this done outside of the ../etc/system/local/ dir? Bundle it in an app? If so, what about precedence?

Any guidance is appreciated!


woodcock
Esteemed Legend

Any configuration in $SPLUNK_HOME/etc/system/local/ is GOD and cannot be overridden by anything in $SPLUNK_HOME/etc/apps/ (the stuff that is pulled in from the Deployment Server). You have to migrate that stuff out of $SPLUNK_HOME/etc/system/local/ first (it never should have been put there).


brent_weaver
Builder

OK, this is exactly what I thought. I appreciate your time!
Thanks everyone.


adonio
Ultra Champion

Yes, you will bundle configurations in an app.
Splunk configuration precedence is*:
1. System local directory -- highest priority
2. App local directories
3. App default directories
4. System default directory -- lowest priority

hope it helps

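The precedence list above, as an added example (not from the thread or from Splunk): a small resolver that walks the four layers in that order and reports, for each server.conf setting, which file wins and which lower-priority files it shadows. The directory tree, the app name `org_all_server` and all setting values are constructed, and ordering between multiple apps by directory name is an assumption.

```python
import tempfile
from pathlib import Path

def parse_conf(path):
    """Parse a Splunk-style .conf file into {(stanza, key): value}."""
    stanza, settings = "default", {}
    for line in map(str.strip, path.read_text().splitlines()):
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]
        elif "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            settings[(stanza, key.strip())] = value.strip()
    return settings

def layers(etc, conf="server.conf"):
    """Conf files from highest to lowest priority, per the list above."""
    apps = sorted((etc / "apps").glob("*"))  # assumption: name order between apps
    dirs = [etc / "system/local", *(a / "local" for a in apps),
            *(a / "default" for a in apps), etc / "system/default"]
    return [d / conf for d in dirs if (d / conf).is_file()]

def resolve(etc, conf="server.conf"):
    """Return {(stanza, key): (value, winning_file, [shadowed_files])}."""
    effective = {}
    for path in layers(etc, conf):
        for setting, value in parse_conf(path).items():
            if setting in effective:
                effective[setting][2].append(path)  # a higher layer already won
            else:
                effective[setting] = (value, path, [])
    return effective

SAMPLE = {  # constructed values, not Splunk's shipped defaults
    "system/default": "[sslConfig]\nsslVersions = *\n[general]\nsessionTimeout = 1h\n",
    "system/local": "[sslConfig]\nsslVersions = tls1.0\n",
    "apps/org_all_server/local": "[sslConfig]\nsslVersions = tls1.2\n[general]\nsessionTimeout = 15m\n",
}

def build_sample_etc():
    etc = Path(tempfile.mkdtemp()) / "etc"  # stands in for $SPLUNK_HOME/etc
    for rel, body in SAMPLE.items():
        (etc / rel).mkdir(parents=True)
        (etc / rel / "server.conf").write_text(body)
    return etc

if __name__ == "__main__":
    for (stanza, key), (value, path, losers) in sorted(resolve(build_sample_etc()).items()):
        print(f"[{stanza}] {key} = {value}  <- {path.parent}; shadows {[str(p.parent) for p in losers]}")
```

In the sample, the stale `sslVersions` in system/local wins over the value the deployed app carries, while `sessionTimeout` (absent from system/local) takes the app's value. On a real instance, `splunk btool server list --debug` prints the merged configuration together with the file each setting came from.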

ddrillic
Ultra Champion

Interesting thing. For /opt/splunk/etc/system/local/server.conf on the SH, for example, I make the changes on each SH and bounce each one. The deployment server only deploys to the forwarders...


adonio
Ultra Champion

The deployment server can deploy to any non-clustered Splunk instance:
Indexer, Search Head, Heavy Forwarder and more.
Also, it cannot deploy to itself.
