Deployment Architecture

How to force deployment server to recognize specific forwarder IP address

working_dog
Explorer

I appologize if this is a double post. I don't know what happened to my previous attemt 😛

In my environment the servers are configured with multiple IP addresses to add flexibility when moving services between hosts. bond0 is the host IP address, bond0.1 is the "service volume".

My forwarder is getting recognized from the bond0 ip address. I want it to be recognized from the bond0.1 address. I've tried the following change to the $SPLUNK_HOME/etc/splunk-launch.conf but this did not work:

SPLUNK_BINDIP={volume_IP_address}

-Thank you for any insight you can provide.

Tags (1)
0 Karma

grijhwani
Motivator

For the purposes of the deployment server, all you need is the Splunk server name. This DEFAULTS to the system hostname if not specified, but you can set it explicitly in ~splunk/etc/system/local/server.conf in the general stanza:

[general]
guid = {Splunk's auto-generated GUID} (leave this untouched)
serverName = whatever.host.and.domain.you.want (change this to whatever takes your fancy)

Actually, I'm not really sure why feel you need to "fool" the deployment server. Just set up a common deployment config that suits all the machines the virtual address might float between. What are you trying to do? Not meaning to be rude, but I suspect you might have your reasoning backward.

0 Karma

working_dog
Explorer

No, your questions are valid, thanks for trying to understand.

I just dont want Splunk to use the hostname when referring to the deployment client. I want the DNS name or another value I specify to be the name Splunk recognizes for deployment-client name.

When I look at the ~splunk/etc/system/local/server.conf, There is no guid = attribute in the file, and I am not adding it manually.

If I change the serverName = attribute to either the dnsname I want, or the value I want, then restart, it still gets picked up and listed by the deployment server using the hostname.

-Thanks

0 Karma

grijhwani
Motivator

No, you don't touch the guid. That is (nominally) unique to each Splunk instance of any variety. The point is that the Splunk server you are deploying apps to can be called whatever you like to Splunk internally. You just need to populate the serverName field with your preferred name and restart. This will then be the server name that the Deployment server is polled with (although of course your deployment rules can be based on plenty of criteria other than splunk instance name).

0 Karma

working_dog
Explorer

I tried using the clientname value for the GUID= value, that did not work. I am guessing the guid is somewhere else. I will keep researching!

0 Karma

working_dog
Explorer

So, I wait until the deployment-client establishes a connection with the deployment-server, then copy the "clientname" value from the forwarder management page, then put it in the " guid = " attribute?

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...