Deployment Architecture

How do i configure serverclass.conf for a deployment server?

Splunk Employee
Splunk Employee

How do i configure a serverclass.conf for a deployment server, with multiple apps based on host connections?

Tags (1)
1 Solution

Splunk Employee
Splunk Employee

The following is a good example. It shows use of a few features:

  • Using the [global] section to set global defaults
  • Using machine types to select classes
  • Layering multiple classes and multiple apps
  • Using appFile to push out an app from a different name
  • Removing apps by pushing out emptyapp, which should be an app folder that contains only an empty local folder

serverclass.conf:

[global]
stateOnClient = enabled
blacklist.0=*
continueMatching = true

[serverClass:base]
whitelist.0=*
[serverClass:base:app:myapp1_props]


[serverClass:forwarders]
whitelist.0=*
[serverClass:forwarders:app:forwarder_base]
restartSplunkd = true
[serverClass:forwarders:app:sample_app]
stateOnClient = disabled
[serverClass:forwarders:app:gettingstarted]
stateOnClient = disabled

[serverClass:winforwarders]
machineTypes = windows-intel,windows-x64
[serverClass:winforwarders:app:SplunkLightForwarder-win]
restartSplunkd = true
[serverClass:winforwarders:app:wininputs]
restartSplunkd = true
[serverClass:winforwarders:app:SplunkLightForwarder]
appFile = emptyapp
stateOnClient = disabled


[serverClass:linforwarders]
machineTypes = linux-i686,linux-x86_64
[serverClass:linforwarders:app:SplunkLightForwarder-oth]
restartSplunkd = true
[serverClass:linforwarders:app:SplunkLightForwarder]
stateOnClient = disabled
restartSplunkd = true

[serverClass:myapp1]
whitelist.0=xxx.*
whitelist.1=yyy.*
[serverClass:myapp1:app:myapp1_inputs]
restartSplunkd = true

[serverClass:myapp2]
whitelist.0=10.11.12.*
whitelist.1=10.11.13.*
[serverClass:myapp2:app:myapp2_inputs]
restartSplunkd = true

View solution in original post

Explorer

I setup a brand new splunk box, and I go to forwarder managment and I get "there is an error in your serverclass.conf which is preventing deployment server from initializing. Please see your serverclass.conf.spec file for more information." Thought this might help but from reading above I dont' don't know how to create a a serverclass.conf or where it goes. What should it be for a new blank server?

0 Karma

Splunk Employee
Splunk Employee

The following is a good example. It shows use of a few features:

  • Using the [global] section to set global defaults
  • Using machine types to select classes
  • Layering multiple classes and multiple apps
  • Using appFile to push out an app from a different name
  • Removing apps by pushing out emptyapp, which should be an app folder that contains only an empty local folder

serverclass.conf:

[global]
stateOnClient = enabled
blacklist.0=*
continueMatching = true

[serverClass:base]
whitelist.0=*
[serverClass:base:app:myapp1_props]


[serverClass:forwarders]
whitelist.0=*
[serverClass:forwarders:app:forwarder_base]
restartSplunkd = true
[serverClass:forwarders:app:sample_app]
stateOnClient = disabled
[serverClass:forwarders:app:gettingstarted]
stateOnClient = disabled

[serverClass:winforwarders]
machineTypes = windows-intel,windows-x64
[serverClass:winforwarders:app:SplunkLightForwarder-win]
restartSplunkd = true
[serverClass:winforwarders:app:wininputs]
restartSplunkd = true
[serverClass:winforwarders:app:SplunkLightForwarder]
appFile = emptyapp
stateOnClient = disabled


[serverClass:linforwarders]
machineTypes = linux-i686,linux-x86_64
[serverClass:linforwarders:app:SplunkLightForwarder-oth]
restartSplunkd = true
[serverClass:linforwarders:app:SplunkLightForwarder]
stateOnClient = disabled
restartSplunkd = true

[serverClass:myapp1]
whitelist.0=xxx.*
whitelist.1=yyy.*
[serverClass:myapp1:app:myapp1_inputs]
restartSplunkd = true

[serverClass:myapp2]
whitelist.0=10.11.12.*
whitelist.1=10.11.13.*
[serverClass:myapp2:app:myapp2_inputs]
restartSplunkd = true

View solution in original post

Splunk Employee
Splunk Employee

Here's an example of a serverclass.conf with various hosts making connections and 2 different apps, a mail_server app and win_clients app. In this examples only hosts starting with the hostname of host_123 or host_456 will get the "win" app. While hosts starting with the hostname of mail will get the "mail" app.

[global]
whitelist.0=host_123*
whitelist.1=host_456*
whitelist.2=mail*
whitelist.3=host_abc*
whitelist.4=host_xyz*

[serverClass:win_clients]
whitelist.0=host_123*
whitelist.1=host_456*
blacklist.1=mail*
blacklist.2=host_abc*
blacklist.3=host_xyz*

[serverClass:win_clients:app:win]
stateOnClient=enabled
restartSplunkd = true

[serverClass:mail_servers]
whitelist.0=mail*
blacklist.0=host_123*
blacklist.1=host_456*
blacklist.2=host_abc*
blacklist.3=host_xyz*

[serverClass:mail_servers:app:mail]
stateOnClient=enabled
restartSplunkd = true

The apps directories by default will reside on the deployment server in $SPLUNK_HOME/deployment-apps, so any config files should be placed there to be deployed to clients. Once deployed on the clients they will reside on $SPLUNK_HOME/apps

Many more options can be found in http://www.splunk.com/base/Documentation/4.0.9/Admin/Definedeploymentclasses
and http://www.splunk.com/base/Documentation/4.0.9/Admin/Serverclassconf