Deployment Architecture

How do i configure serverclass.conf for a deployment server?

Chris_R_
Splunk Employee
Splunk Employee

How do i configure a serverclass.conf for a deployment server, with multiple apps based on host connections?

Tags (1)
1 Solution

gkanapathy
Splunk Employee
Splunk Employee

The following is a good example. It shows use of a few features:

  • Using the [global] section to set global defaults
  • Using machine types to select classes
  • Layering multiple classes and multiple apps
  • Using appFile to push out an app from a different name
  • Removing apps by pushing out emptyapp, which should be an app folder that contains only an empty local folder

serverclass.conf:

[global]
stateOnClient = enabled
blacklist.0=*
continueMatching = true

[serverClass:base]
whitelist.0=*
[serverClass:base:app:myapp1_props]


[serverClass:forwarders]
whitelist.0=*
[serverClass:forwarders:app:forwarder_base]
restartSplunkd = true
[serverClass:forwarders:app:sample_app]
stateOnClient = disabled
[serverClass:forwarders:app:gettingstarted]
stateOnClient = disabled

[serverClass:winforwarders]
machineTypes = windows-intel,windows-x64
[serverClass:winforwarders:app:SplunkLightForwarder-win]
restartSplunkd = true
[serverClass:winforwarders:app:wininputs]
restartSplunkd = true
[serverClass:winforwarders:app:SplunkLightForwarder]
appFile = emptyapp
stateOnClient = disabled


[serverClass:linforwarders]
machineTypes = linux-i686,linux-x86_64
[serverClass:linforwarders:app:SplunkLightForwarder-oth]
restartSplunkd = true
[serverClass:linforwarders:app:SplunkLightForwarder]
stateOnClient = disabled
restartSplunkd = true

[serverClass:myapp1]
whitelist.0=xxx.*
whitelist.1=yyy.*
[serverClass:myapp1:app:myapp1_inputs]
restartSplunkd = true

[serverClass:myapp2]
whitelist.0=10.11.12.*
whitelist.1=10.11.13.*
[serverClass:myapp2:app:myapp2_inputs]
restartSplunkd = true

View solution in original post

mendesjo
Path Finder

I setup a brand new splunk box, and I go to forwarder managment and I get "there is an error in your serverclass.conf which is preventing deployment server from initializing. Please see your serverclass.conf.spec file for more information." Thought this might help but from reading above I dont' don't know how to create a a serverclass.conf or where it goes. What should it be for a new blank server?

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

The following is a good example. It shows use of a few features:

  • Using the [global] section to set global defaults
  • Using machine types to select classes
  • Layering multiple classes and multiple apps
  • Using appFile to push out an app from a different name
  • Removing apps by pushing out emptyapp, which should be an app folder that contains only an empty local folder

serverclass.conf:

[global]
stateOnClient = enabled
blacklist.0=*
continueMatching = true

[serverClass:base]
whitelist.0=*
[serverClass:base:app:myapp1_props]


[serverClass:forwarders]
whitelist.0=*
[serverClass:forwarders:app:forwarder_base]
restartSplunkd = true
[serverClass:forwarders:app:sample_app]
stateOnClient = disabled
[serverClass:forwarders:app:gettingstarted]
stateOnClient = disabled

[serverClass:winforwarders]
machineTypes = windows-intel,windows-x64
[serverClass:winforwarders:app:SplunkLightForwarder-win]
restartSplunkd = true
[serverClass:winforwarders:app:wininputs]
restartSplunkd = true
[serverClass:winforwarders:app:SplunkLightForwarder]
appFile = emptyapp
stateOnClient = disabled


[serverClass:linforwarders]
machineTypes = linux-i686,linux-x86_64
[serverClass:linforwarders:app:SplunkLightForwarder-oth]
restartSplunkd = true
[serverClass:linforwarders:app:SplunkLightForwarder]
stateOnClient = disabled
restartSplunkd = true

[serverClass:myapp1]
whitelist.0=xxx.*
whitelist.1=yyy.*
[serverClass:myapp1:app:myapp1_inputs]
restartSplunkd = true

[serverClass:myapp2]
whitelist.0=10.11.12.*
whitelist.1=10.11.13.*
[serverClass:myapp2:app:myapp2_inputs]
restartSplunkd = true

Chris_R_
Splunk Employee
Splunk Employee

Here's an example of a serverclass.conf with various hosts making connections and 2 different apps, a mail_server app and win_clients app. In this examples only hosts starting with the hostname of host_123 or host_456 will get the "win" app. While hosts starting with the hostname of mail will get the "mail" app.

[global]
whitelist.0=host_123*
whitelist.1=host_456*
whitelist.2=mail*
whitelist.3=host_abc*
whitelist.4=host_xyz*

[serverClass:win_clients]
whitelist.0=host_123*
whitelist.1=host_456*
blacklist.1=mail*
blacklist.2=host_abc*
blacklist.3=host_xyz*

[serverClass:win_clients:app:win]
stateOnClient=enabled
restartSplunkd = true

[serverClass:mail_servers]
whitelist.0=mail*
blacklist.0=host_123*
blacklist.1=host_456*
blacklist.2=host_abc*
blacklist.3=host_xyz*

[serverClass:mail_servers:app:mail]
stateOnClient=enabled
restartSplunkd = true

The apps directories by default will reside on the deployment server in $SPLUNK_HOME/deployment-apps, so any config files should be placed there to be deployed to clients. Once deployed on the clients they will reside on $SPLUNK_HOME/apps

Many more options can be found in http://www.splunk.com/base/Documentation/4.0.9/Admin/Definedeploymentclasses
and http://www.splunk.com/base/Documentation/4.0.9/Admin/Serverclassconf

Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...