I appologize if this is a double post. I don't know what happened to my previous attemt 😛
In my environment the servers are configured with multiple IP addresses to add flexibility when moving services between hosts. bond0 is the host IP address, bond0.1 is the "service volume".
My forwarder is getting recognized from the bond0 ip address. I want it to be recognized from the bond0.1 address. I've tried the following change to the $SPLUNK_HOME/etc/splunk-launch.conf but this did not work:
SPLUNK_BINDIP={volume_IP_address}
-Thank you for any insight you can provide.
For the purposes of the deployment server, all you need is the Splunk server name. This DEFAULTS to the system hostname if not specified, but you can set it explicitly in ~splunk/etc/system/local/server.conf in the general stanza:
[general]
guid = {Splunk's auto-generated GUID} (leave this untouched)
serverName = whatever.host.and.domain.you.want (change this to whatever takes your fancy)
Actually, I'm not really sure why feel you need to "fool" the deployment server. Just set up a common deployment config that suits all the machines the virtual address might float between. What are you trying to do? Not meaning to be rude, but I suspect you might have your reasoning backward.
No, your questions are valid, thanks for trying to understand.
I just dont want Splunk to use the hostname when referring to the deployment client. I want the DNS name or another value I specify to be the name Splunk recognizes for deployment-client name.
When I look at the ~splunk/etc/system/local/server.conf, There is no guid = attribute in the file, and I am not adding it manually.
If I change the serverName = attribute to either the dnsname I want, or the value I want, then restart, it still gets picked up and listed by the deployment server using the hostname.
-Thanks
No, you don't touch the guid. That is (nominally) unique to each Splunk instance of any variety. The point is that the Splunk server you are deploying apps to can be called whatever you like to Splunk internally. You just need to populate the serverName field with your preferred name and restart. This will then be the server name that the Deployment server is polled with (although of course your deployment rules can be based on plenty of criteria other than splunk instance name).
I tried using the clientname value for the GUID= value, that did not work. I am guessing the guid is somewhere else. I will keep researching!
So, I wait until the deployment-client establishes a connection with the deployment-server, then copy the "clientname" value from the forwarder management page, then put it in the " guid = " attribute?