Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I make changes to server.conf?

brent_weaver
Builder
‎08-31-2017 10:52 AM

I need to make some changes and Splunk proServe tells me that I can use the deployment server to make this change. How is this done outside of the ../etc/systemp/local/ dir? Bundle it in an app? If so what about precedence?

Any guidance is appreciated!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎08-31-2017 05:33 PM

Any configuration in $SPLUNK_HOME/etc/system/local/ is GOD and cannot be overridden by anything in $SPLUNK_HOME/etc/apps/ (the stuff that is pulled in from the Deployment Server). You have to migrate that stuff out of $SPLUNK_HOME/etc/system/local/ first (it never should have been put there).

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎08-31-2017 05:33 PM

Any configuration in $SPLUNK_HOME/etc/system/local/ is GOD and cannot be overridden by anything in $SPLUNK_HOME/etc/apps/ (the stuff that is pulled in from the Deployment Server). You have to migrate that stuff out of $SPLUNK_HOME/etc/system/local/ first (it never should have been put there).

0 Karma
Reply
Solved! Jump to solution

brent_weaver
Builder
‎09-05-2017 05:09 AM

OK this is exactly what I thought, I appreciate your time!
Thanks everyone.

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎08-31-2017 11:16 AM

yes you will bundle configurations in an app.
splunk configuration precedence is*:
1. System local directory -- highest priority
2. App local directories
3. App default directories
4. System default directory -- lowest priority

hope it helps

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎08-31-2017 11:15 AM

Interesting thing. For /opt/splunk/etc/system/local/server.conf on the SH, for example, I make the changes on each SH and bounce each one. The deployment server only deploys to the forwarders...

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎08-31-2017 11:28 AM

the deployment server can deploy to any non-clustered splunk instance
Indexer, Search Head, Heavy Forwarder and more
also, it can not deploy to itself

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...

Buttercup Games: Further Dashboarding Techniques (Part 6)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top