How to force deployment server to recognize specif...

working_dog · ‎12-12-2013

I appologize if this is a double post. I don't know what happened to my previous attemt 😛

In my environment the servers are configured with multiple IP addresses to add flexibility when moving services between hosts. bond0 is the host IP address, bond0.1 is the "service volume".

My forwarder is getting recognized from the bond0 ip address. I want it to be recognized from the bond0.1 address. I've tried the following change to the $SPLUNK_HOME/etc/splunk-launch.conf but this did not work:

SPLUNK_BINDIP={volume_IP_address}

-Thank you for any insight you can provide.

grijhwani · ‎12-12-2013

For the purposes of the deployment server, all you need is the Splunk server name. This DEFAULTS to the system hostname if not specified, but you can set it explicitly in ~splunk/etc/system/local/server.conf in the general stanza:

[general]
guid = {Splunk's auto-generated GUID} (leave this untouched)
serverName = whatever.host.and.domain.you.want (change this to whatever takes your fancy)

Actually, I'm not really sure why feel you need to "fool" the deployment server. Just set up a common deployment config that suits all the machines the virtual address might float between. What are you trying to do? Not meaning to be rude, but I suspect you might have your reasoning backward.

working_dog · ‎12-14-2013

No, your questions are valid, thanks for trying to understand.

I just dont want Splunk to use the hostname when referring to the deployment client. I want the DNS name or another value I specify to be the name Splunk recognizes for deployment-client name.

When I look at the ~splunk/etc/system/local/server.conf, There is no guid = attribute in the file, and I am not adding it manually.

If I change the serverName = attribute to either the dnsname I want, or the value I want, then restart, it still gets picked up and listed by the deployment server using the hostname.

-Thanks

grijhwani · ‎12-12-2013

No, you don't touch the guid. That is (nominally) unique to each Splunk instance of any variety. The point is that the Splunk server you are deploying apps to can be called whatever you like to Splunk internally. You just need to populate the serverName field with your preferred name and restart. This will then be the server name that the Deployment server is polled with (although of course your deployment rules can be based on plenty of criteria other than splunk instance name).

working_dog · ‎12-12-2013

I tried using the clientname value for the GUID= value, that did not work. I am guessing the guid is somewhere else. I will keep researching!

working_dog · ‎12-12-2013

So, I wait until the deployment-client establishes a connection with the deployment-server, then copy the "clientname" value from the forwarder management page, then put it in the " guid = " attribute?

How to force deployment server to recognize specific forwarder IP address

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation