I feel like this may be a dumb question, but I have scoured the documentation and I must be missing something.
I'm sure there is a way to manage the configuration of a Universal Forwarder from the Splunk web interface, yes?
This page implies that I can deploy the Forwarders with minimum options and depend on the deployment server to configure in inputs.conf and other things on the forwarding host.
This is what I would push out to my servers:
msiexec.exe /i splunkuniversalforwarder_x86.msi DEPLOYMENT_SERVER="deploymentserver1:8089" AGREETOLICENSE=Yes /quiet
But then how do I specify the configuration on my deployment server? I can verify that the server is calling home, but for the life of me I cannot find where/how to say "forward me this, this and this... put the data in this index... throttle to this bandwidth, etc." I would like to do this in a bulk fashion for a large number of machines. Is this not a feature of Splunk, or am I missing something here?
You need to do a few things on your selected deployment server before it knows it's a deployment server and before it knows where to send information.
This link shows you the old way of doing things: http://wiki.splunk.com/Deploy:DeploymentServer. It has the CLI to enable the deployment server, it has examples for serverclass.conf, and a number of other useful tidbits.
In v6.0+ there is a new GUI for serverclass creation and management. But the above link should get you started.
Hope this helps.
Yes, the answer points you in the right direction. When you install a forwarder you don't get anything if you don't specify other parameters like RECEIVING_INDEXER, etc. So you need to have an app to push from the deployment server to your newly installed forwarder (called the client). The app will tell it where to forward via the output.conf file.
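The setup described in this thread, as an added example that is not part of the original posts: a server class on the deployment server that pushes one app carrying the inputs, the forwarding target and a bandwidth cap. The class name `windows_servers`, app name `uf_windows_base`, hostname pattern, index name and indexer address are all hypothetical placeholders.

```ini
# --- $SPLUNK_HOME/etc/system/local/serverclass.conf (on the deployment server) ---
# Hypothetical server class; clients are matched by hostname pattern.
[serverClass:windows_servers]
whitelist.0 = winsrv-*

# Assign the hypothetical app "uf_windows_base" to that class and restart
# the forwarder after delivery so the new inputs and outputs take effect.
[serverClass:windows_servers:app:uf_windows_base]
restartSplunkd = true
stateOnClient = enabled

# --- $SPLUNK_HOME/etc/deployment-apps/uf_windows_base/local/inputs.conf ---
# "Forward me this, this and this ... put the data in this index".
# The index (placeholder name) must already exist on the indexer.
[WinEventLog://Security]
disabled = 0
index = wineventlog

[WinEventLog://System]
disabled = 0
index = wineventlog

# --- $SPLUNK_HOME/etc/deployment-apps/uf_windows_base/local/outputs.conf ---
# Where the forwarder sends its data (placeholder indexer and port).
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = indexer1.example.com:9997

# --- $SPLUNK_HOME/etc/deployment-apps/uf_windows_base/local/limits.conf ---
# "Throttle to this bandwidth": cap forwarder throughput in KB per second.
[thruput]
maxKBps = 256
```

After editing these files, running `splunk reload deploy-server` on the deployment server makes it pick up the changes; matching clients fetch the app on their next phone-home.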