Deployment Architecture

How to add a deployment server to an indexer clustering environment?

avalle
Path Finder

Hello,

I have an indexer clustering environment with 1 Search head, 1 Manager and 2 indexers. I am looking to add a deployment server to manage the configuration files on the universal forwarders that send data to the Indexers. I am reading up on how to do this, but I am confused if this can be done. Does the deployment server need to be part of the cluster even though I am not managing anything in the cluster, or can it just be a regular stand alone Splunk instance that i can just use as a deployment server?

0 Karma
1 Solution

Steve_G_
Splunk Employee
Splunk Employee

The deployment server is separate from the indexer cluster. It does not interact at all with the cluster, but only with the forwarders that it's managing. The simplest approach is to stand up a separate instance and use it as the deployment server

View solution in original post

Steve_G_
Splunk Employee
Splunk Employee

The deployment server is separate from the indexer cluster. It does not interact at all with the cluster, but only with the forwarders that it's managing. The simplest approach is to stand up a separate instance and use it as the deployment server

avalle
Path Finder

Thank you! I just needed some clarification. I am new to splunk and this is the first time I am building a deployment server. Any pointers? the documentation is lengthy!

0 Karma

Steve_G_
Splunk Employee
Splunk Employee

I would recommend using the forwarder management feature, which is basically a front-end to the deployment server. It simplifies the updating process considerably, at the expense of omitting a very small amount of functionality.

Start here: http://docs.splunk.com/Documentation/Splunk/6.3.1511/Updating/Forwardermanagementoverview

0 Karma

avalle
Path Finder

Thank you! I started working on this but now I have an error on my app

In handler 'applications': File='/opt/splunk/etc/deployment-apps/security/local/app.conf', needed for application=security, not found

Any ideas?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...