Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

One Universal Forwarder on my one Server , But should managed by two different deployment server

sumitkathpal
Explorer
‎08-31-2016 12:24 AM

Dear Experts,

I am stuck in one scenario , Where 2 independent Splunk instance are running by different business unit . One is Security and another is Business Team . The server from where we need to collect the logs already have the universal forwarder installed & Reporting to one splunk server , Deployment Server . Now from same server we need to collect the logs from security point of view .
We want this server should report to our splunk instance means for log collection (Indexer) and Deployment Server.

What will be the best practice to collect the logs & Report to deployment server.

Thanks

Tags (1)
0 Karma
Reply

ddrillic
Ultra Champion
‎08-31-2016 07:14 AM

Very interesting discussion at Best practice to give deployment server detail in universal forwarders

It says there -

-- If you plan on creating a new deployment server in the future with a different IP, or you plan to create a multiple deployment server set up in the future, or if you just want more control from your deployment server, then you should not put the deploymentclient.conf file in the system\local folder because you can't change that from the centrally managed deployment server. In this case, you want to move or create the deploymentclient.conf file in a new folder in the splunk\etc\apps\ directory - make sure you use the same folder name on all like clients because it can managed by the deployment server.

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...