Deployment Architecture

How to add a deployment server to an indexer clustering environment?

avalle
Path Finder

Hello,

I have an indexer clustering environment with 1 Search head, 1 Manager and 2 indexers. I am looking to add a deployment server to manage the configuration files on the universal forwarders that send data to the Indexers. I am reading up on how to do this, but I am confused if this can be done. Does the deployment server need to be part of the cluster even though I am not managing anything in the cluster, or can it just be a regular stand alone Splunk instance that i can just use as a deployment server?

0 Karma
1 Solution

Steve_G_
Splunk Employee
Splunk Employee

The deployment server is separate from the indexer cluster. It does not interact at all with the cluster, but only with the forwarders that it's managing. The simplest approach is to stand up a separate instance and use it as the deployment server

View solution in original post

Steve_G_
Splunk Employee
Splunk Employee

The deployment server is separate from the indexer cluster. It does not interact at all with the cluster, but only with the forwarders that it's managing. The simplest approach is to stand up a separate instance and use it as the deployment server

avalle
Path Finder

Thank you! I just needed some clarification. I am new to splunk and this is the first time I am building a deployment server. Any pointers? the documentation is lengthy!

0 Karma

Steve_G_
Splunk Employee
Splunk Employee

I would recommend using the forwarder management feature, which is basically a front-end to the deployment server. It simplifies the updating process considerably, at the expense of omitting a very small amount of functionality.

Start here: http://docs.splunk.com/Documentation/Splunk/6.3.1511/Updating/Forwardermanagementoverview

0 Karma

avalle
Path Finder

Thank you! I started working on this but now I have an error on my app

In handler 'applications': File='/opt/splunk/etc/deployment-apps/security/local/app.conf', needed for application=security, not found

Any ideas?

0 Karma
Get Updates on the Splunk Community!

Splunk Certification Support Alert | Pearson VUE Outage

Splunk Certification holders and candidates!  Please be advised of an upcoming system maintenance period for ...

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...