Hello,
I have an indexer clustering environment with 1 Search head, 1 Manager and 2 indexers. I am looking to add a deployment server to manage the configuration files on the universal forwarders that send data to the Indexers. I am reading up on how to do this, but I am confused if this can be done. Does the deployment server need to be part of the cluster even though I am not managing anything in the cluster, or can it just be a regular stand alone Splunk instance that i can just use as a deployment server?
The deployment server is separate from the indexer cluster. It does not interact at all with the cluster, but only with the forwarders that it's managing. The simplest approach is to stand up a separate instance and use it as the deployment server
The deployment server is separate from the indexer cluster. It does not interact at all with the cluster, but only with the forwarders that it's managing. The simplest approach is to stand up a separate instance and use it as the deployment server
Thank you! I just needed some clarification. I am new to splunk and this is the first time I am building a deployment server. Any pointers? the documentation is lengthy!
I would recommend using the forwarder management feature, which is basically a front-end to the deployment server. It simplifies the updating process considerably, at the expense of omitting a very small amount of functionality.
Start here: http://docs.splunk.com/Documentation/Splunk/6.3.1511/Updating/Forwardermanagementoverview
Thank you! I started working on this but now I have an error on my app
In handler 'applications': File='/opt/splunk/etc/deployment-apps/security/local/app.conf', needed for application=security, not found
Any ideas?