Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Deployment Architecture
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Community
- :
- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- How to change Deployment Client Instance ID?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
guarisma
Communicator
11-20-2020
01:12 PM
I have a couple of heavy Forwarders that we've been using for a while without a deployment server, now we want to use a DS to manage their Apps and make sure they are consistent, but it seems the original installation was a clone or a copy of the splunk folder so both instances have the same GUID (Instance ID)
The Deployment Server is noticing this:
WARN ClientSessionsManager - Client with Id 'F8857965-300D-4E42-AECA-D35597DC4441' has changed some of its properties on the latest phone home.Old properties are: {ip=38.X.X.X, dns=FQDN, hostname=XXXCHSLKHF01, deploymentClientName="XXXCHSLKHF01", connectionId=connection_38.x.x.x.x_8089_38X.X.X_XXXCHSLKHF01_XXXCHSLKHF01, utsname="linux-x86_64", build=7af3758d0d5e, mgmt=8089, splunkVersion=7.3.3, package=enterprise, instanceId=F8857965-300D-4E42-AECA-D35597DC4441, instanceName=XXXCHSLKHF01}. New properties are: {ip=38.X.X.X, dns=38.130.118.2, hostname=XXXMNSLKHF01, deploymentClientName="F8857965-300D-4E42-AECA-D35597DC4441", connectionId=connection_38.X.X.X_8089_38.X.X.X_XXXMNSLKHF01_F8857965-300D-4E42-AECA-D35597DC4441, utsname="linux-x86_64", build=7af3758d0d5e, mgmt=8089, splunkVersion=7.3.3, package=enterprise, instanceId=F8857965-300D-4E42-AECA-D35597DC4441, instanceName=XXXMNSHF}.So the DS will replace one HF with the other every time one calls back.
How can I change this Instance ID?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
thambisetty
Super Champion
11-22-2020
12:07 AM
I follow below steps after vm is cloned:
sudo -u splunkuser $SPLUNK_HOME/bin/splunk set servername $HOSTNAME
sudo -u splunkuser $SPLUNK_HOME/bin/splunk set default-hostname $HOSTNAME
sudo -u splunkuser rm -rf $SPLUNK_HOME/etc/instance.cfg
sudo -u splunkuser $SPLUNK_HOME/bin/splunk restart
————————————
If this helps, give a like below.
If this helps, give a like below.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
thambisetty
Super Champion
11-22-2020
12:07 AM
I follow below steps after vm is cloned:
sudo -u splunkuser $SPLUNK_HOME/bin/splunk set servername $HOSTNAME
sudo -u splunkuser $SPLUNK_HOME/bin/splunk set default-hostname $HOSTNAME
sudo -u splunkuser rm -rf $SPLUNK_HOME/etc/instance.cfg
sudo -u splunkuser $SPLUNK_HOME/bin/splunk restart
————————————
If this helps, give a like below.
If this helps, give a like below.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
guarisma
Communicator
11-24-2020
07:39 AM
Thanks!
I just needed this line in my case since someone else change the rest manually
sudo -u splunkuser rm -rf $SPLUNK_HOME/etc/instance.cfg
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
soutamo
SplunkTrust
11-24-2020
08:17 AM
Please try to avoid -r on rm unless your really want to remove files recursively!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
soutamo
SplunkTrust
11-22-2020
03:27 AM
How to prepare colder image for UF https://docs.splunk.com/Documentation/Forwarder/8.1.0/Forwarder/Makeauniversalforwarderpartofahostim... and for full enterprise https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/IntegratefullSplunkontoasystemimage
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
guarisma
Communicator
11-24-2020
07:40 AM
Thanks, this is great material, I'm forwarding this information to my client
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
vikramyadav
Contributor
11-21-2020
09:09 PM
It doesn't mean anything, but definitely you can just delete it and it will be re-generated.
-------------------------------
If this help your like would be appreciated 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
guarisma
Communicator
11-24-2020
07:42 AM
Right, but I didn't know where to find it to change it or delete it, now I know it's in
sudo -u splunkuser rm -rf $SPLUNK_HOME/etc/instance.cfg- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
soutamo
SplunkTrust
11-20-2020
02:01 PM
Hi
I haven’t try to change this on live instance, but you could try to change GUID on instance.cfg file. https://docs.splunk.com/Documentation/Splunk/7.3.3/Admin/Instancecfgconf
r. Ismo
I haven’t try to change this on live instance, but you could try to change GUID on instance.cfg file. https://docs.splunk.com/Documentation/Splunk/7.3.3/Admin/Instancecfgconf
r. Ismo
.conf21 CFS Extended through 5/20!
Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!
Call for Speakers has
been extended through
Thursday, 5/20!
Submit Now! >
