- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- How do i configure serverclass.conf for a deployme...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do i configure a serverclass.conf for a deployment server, with multiple apps based on host connections?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The following is a good example. It shows use of a few features:
- Using the
[global]section to set global defaults - Using machine types to select classes
- Layering multiple classes and multiple apps
- Using appFile to push out an app from a different name
- Removing apps by pushing out
emptyapp, which should be an app folder that contains only an emptylocalfolder
serverclass.conf:
[global]
stateOnClient = enabled
blacklist.0=*
continueMatching = true
[serverClass:base]
whitelist.0=*
[serverClass:base:app:myapp1_props]
[serverClass:forwarders]
whitelist.0=*
[serverClass:forwarders:app:forwarder_base]
restartSplunkd = true
[serverClass:forwarders:app:sample_app]
stateOnClient = disabled
[serverClass:forwarders:app:gettingstarted]
stateOnClient = disabled
[serverClass:winforwarders]
machineTypes = windows-intel,windows-x64
[serverClass:winforwarders:app:SplunkLightForwarder-win]
restartSplunkd = true
[serverClass:winforwarders:app:wininputs]
restartSplunkd = true
[serverClass:winforwarders:app:SplunkLightForwarder]
appFile = emptyapp
stateOnClient = disabled
[serverClass:linforwarders]
machineTypes = linux-i686,linux-x86_64
[serverClass:linforwarders:app:SplunkLightForwarder-oth]
restartSplunkd = true
[serverClass:linforwarders:app:SplunkLightForwarder]
stateOnClient = disabled
restartSplunkd = true
[serverClass:myapp1]
whitelist.0=xxx.*
whitelist.1=yyy.*
[serverClass:myapp1:app:myapp1_inputs]
restartSplunkd = true
[serverClass:myapp2]
whitelist.0=10.11.12.*
whitelist.1=10.11.13.*
[serverClass:myapp2:app:myapp2_inputs]
restartSplunkd = true
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I setup a brand new splunk box, and I go to forwarder managment and I get "there is an error in your serverclass.conf which is preventing deployment server from initializing. Please see your serverclass.conf.spec file for more information." Thought this might help but from reading above I dont' don't know how to create a a serverclass.conf or where it goes. What should it be for a new blank server?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The following is a good example. It shows use of a few features:
- Using the
[global]section to set global defaults - Using machine types to select classes
- Layering multiple classes and multiple apps
- Using appFile to push out an app from a different name
- Removing apps by pushing out
emptyapp, which should be an app folder that contains only an emptylocalfolder
serverclass.conf:
[global]
stateOnClient = enabled
blacklist.0=*
continueMatching = true
[serverClass:base]
whitelist.0=*
[serverClass:base:app:myapp1_props]
[serverClass:forwarders]
whitelist.0=*
[serverClass:forwarders:app:forwarder_base]
restartSplunkd = true
[serverClass:forwarders:app:sample_app]
stateOnClient = disabled
[serverClass:forwarders:app:gettingstarted]
stateOnClient = disabled
[serverClass:winforwarders]
machineTypes = windows-intel,windows-x64
[serverClass:winforwarders:app:SplunkLightForwarder-win]
restartSplunkd = true
[serverClass:winforwarders:app:wininputs]
restartSplunkd = true
[serverClass:winforwarders:app:SplunkLightForwarder]
appFile = emptyapp
stateOnClient = disabled
[serverClass:linforwarders]
machineTypes = linux-i686,linux-x86_64
[serverClass:linforwarders:app:SplunkLightForwarder-oth]
restartSplunkd = true
[serverClass:linforwarders:app:SplunkLightForwarder]
stateOnClient = disabled
restartSplunkd = true
[serverClass:myapp1]
whitelist.0=xxx.*
whitelist.1=yyy.*
[serverClass:myapp1:app:myapp1_inputs]
restartSplunkd = true
[serverClass:myapp2]
whitelist.0=10.11.12.*
whitelist.1=10.11.13.*
[serverClass:myapp2:app:myapp2_inputs]
restartSplunkd = true
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here's an example of a serverclass.conf with various hosts making connections and 2 different apps, a mail_server app and win_clients app. In this examples only hosts starting with the hostname of host_123 or host_456 will get the "win" app. While hosts starting with the hostname of mail will get the "mail" app.
[global]
whitelist.0=host_123*
whitelist.1=host_456*
whitelist.2=mail*
whitelist.3=host_abc*
whitelist.4=host_xyz*
[serverClass:win_clients]
whitelist.0=host_123*
whitelist.1=host_456*
blacklist.1=mail*
blacklist.2=host_abc*
blacklist.3=host_xyz*
[serverClass:win_clients:app:win]
stateOnClient=enabled
restartSplunkd = true
[serverClass:mail_servers]
whitelist.0=mail*
blacklist.0=host_123*
blacklist.1=host_456*
blacklist.2=host_abc*
blacklist.3=host_xyz*
[serverClass:mail_servers:app:mail]
stateOnClient=enabled
restartSplunkd = true
The apps directories by default will reside on the deployment server in $SPLUNK_HOME/deployment-apps, so any config files should be placed there to be deployed to clients. Once deployed on the clients they will reside on $SPLUNK_HOME/apps
Many more options can be found in
http://www.splunk.com/base/Documentation/4.0.9/Admin/Definedeploymentclasses
and
http://www.splunk.com/base/Documentation/4.0.9/Admin/Serverclassconf
How to Monitor Google Kubernetes Engine (GKE)
Index This | How can you make 45 using only 4?
Splunk Education Goes to Washington | Splunk GovSummit 2024
