Hi,
I realize that Splunk and Splunk light forwarder are a part of the same RPM package, since light forwarder is just disabled by default. But has anyone ever tried to repackage the existing Splunk RPM so that Splunk light forwarder is enabled by default?
If that's not a really good idea, can you let me know what's the best way to quickly roll out Splunk light forwarder to 500+ servers?
I also know you can use the deployment server/client model but to my knowledge it will only control the config distribution.
Any help you can provide would be of much help.
Thanks.
Brian A
We created a custom RPM which simply had the deploymentclient.conf file so that once splunk was installed it would phone home to the deployment server and pull the configs that would turn it into a Splunk Light Forwarder. It is pretty easy and the transition from Splunk Full Version to Light Forwarder is rather quick.
Also to help further minimize the forwarder footprint... we modified log.cfg to retain only 1 backup file as opposed to the default 5 backup files.
Thanks for all of the ideas.
Brian
You could create your own tar or rpm of a splunk configured a certain way if you're facile with RPM. If you're not facile with RPM, then this approach is unlikely to be fruitful. Generally, I recommend investing in any deployment strategy you already use.
If you'd like a package that deploys splunk as a light forwarder in some fashion, feel free to lob an official enhancement request our way, but still you'd have to tell the forwarder where to forward to get a complete setup, so I'm not sure it would be useful.
Our first-time startup is interactive, so you'd have to package the system post-first-time-run. However, that gets into problems where we store the hostname in config files. All of this is due to be more fully enabled in 4.2.
Hi jrodman, I was able to get a custom RPM installed but was curious to see if it was possible to add 2 specs to the rpm:
AND
Is that possible? If so what would need to be done? Any help you can provide would be great. Thanks.
Brian
This will probably help:
It references Windows, but in fact much of it is applicable to any platform. Basically, you figure out the desired final configuration files and lay them on top of the install/RPM. All Splunk configuration (whether you set it via the GUI or the CLI) is stored and read from the configuration files.
Hi there.
Splunk are planning on shipping a 'LightForwarder' package in a future release, but that is likely to come along with the next major release. We have just released 4.1, which means our next major release will likely be close to the end of the year, but no target date has been set yet.
Currently, the recommended deployment method for this many servers is to use a deployment tool such as Puppet to handle the initial Splunk installation and configuration with a CLI command. You can enable both the SplunkLightForwarder app and the deployment client functionality using this method.
The commands to set up forwarding are detailed here and the commands for the deployment client feature are here
CFEngine is another good option as well