Team,
We have a search head cluster and indexer cluster in our current Splunk environment. We don't have a deployment server and we decided to set up a new one.
What are all the pre-requests that should be considered, since our current environment is on a clustering model?
Thanks.
@ @vj_hawk21,
No settings on Indexers, follow the instructions at https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Aboutdeploymentserver
in few words:
at this point you should see the new clients on the DS.
now, on DS:
Now you should have your Deployment Server Up and running.
For your knoledge, a TA must have the same folder structure of other apps:
The files in TA_Forwarders must be three and must be in local or in default:
Apps.conf:
#
# Splunk app configuration file
#
[install]
is_configured = 0
[ui]
is_visible = 1
label = TA_Forwarders
[launcher]
author = Giuseppe Cusello
description = technocal Add-On to address all the clients
version = 1.0.0
Outputs.conf (if you have Indexer Discovery enabled on Indexers' Cluster):
[indexer_discovery:<name>]
pass4SymmKey = <string>
master_uri = <uri>
[tcpout:<target_group>]
indexerDiscovery = <name>
[tcpout]
defaultGroup = <target_group>
Outputs.conf (if you haven't Indexer Discovery enabled on Indexers' Cluster):
[tcpout]
defaultGroup = default-autolb-group
[tcpout-server://xx.xx.xx.xx:9997]
[tcpout-server://yy.yy.yy.yy:9997]
[tcpout:default-autolb-group]
server = xx.xx.xx.xx:9997,yy.yy.yy.yy:9997
disabled=false
deploymentclient.conf:
[deployment-client]
[target-broker:deploymentServer]
targetUri= zz.zz.zz.zz:8089
Don't follow my notes, see the documentation on the top!
Ciao,
Giuseppe
Hi @,
Deployment Server is a dedicated server that has to have the standard Splunk stand alone server:
Deployment server can be only a stand alone server and there isn't a clustered version.
It isn't a Single Point of Failure because your architecture can run also without (for a limited time) it.
Remember to configure your DS to send its logs to the indexers as all the other Splunk servers.
More infos are at https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Aboutdeploymentserver
Ciao.
Giuseppe
@gcusello Thanks for your response. Since i m setting up the deployment server for the first time, can you help me what the configurations we need to update in deployment server and indexers
@ @vj_hawk21,
No settings on Indexers, follow the instructions at https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Aboutdeploymentserver
in few words:
at this point you should see the new clients on the DS.
now, on DS:
Now you should have your Deployment Server Up and running.
For your knoledge, a TA must have the same folder structure of other apps:
The files in TA_Forwarders must be three and must be in local or in default:
Apps.conf:
#
# Splunk app configuration file
#
[install]
is_configured = 0
[ui]
is_visible = 1
label = TA_Forwarders
[launcher]
author = Giuseppe Cusello
description = technocal Add-On to address all the clients
version = 1.0.0
Outputs.conf (if you have Indexer Discovery enabled on Indexers' Cluster):
[indexer_discovery:<name>]
pass4SymmKey = <string>
master_uri = <uri>
[tcpout:<target_group>]
indexerDiscovery = <name>
[tcpout]
defaultGroup = <target_group>
Outputs.conf (if you haven't Indexer Discovery enabled on Indexers' Cluster):
[tcpout]
defaultGroup = default-autolb-group
[tcpout-server://xx.xx.xx.xx:9997]
[tcpout-server://yy.yy.yy.yy:9997]
[tcpout:default-autolb-group]
server = xx.xx.xx.xx:9997,yy.yy.yy.yy:9997
disabled=false
deploymentclient.conf:
[deployment-client]
[target-broker:deploymentServer]
targetUri= zz.zz.zz.zz:8089
Don't follow my notes, see the documentation on the top!
Ciao,
Giuseppe