Setting up Deployment Server to manage multiple instances on a single server

ShaneNewman
Motivator

Just to explain why I have to do this...

Rack space is at a premium where I work so we had to consolidate our footprint in the data center. I have successfully consolidated 14 physical indexers to 7 physical indexers with 2 instances of Splunk running on each server. Specs for those Indexing servers are:
OS: Linux Red Hat
CPU: 16-core 3.2 GHz
RAM: 128GB
HDD: SAN attached, 3 mounts per instance at 3500 IOPS per mount

I am trying to set up the serverclass.conf file to manage the instances on the indexers separately because the mount points for the indexes are different based on the instance name. How can I do this? I have read the serverclass.conf documentation and cannot find it documented in there anywhere...

1 Solution

martin_mueller
SplunkTrust

Are you asking how to distinguish two instances on the same machine?
If so, set a clientName each in deploymentclient.conf and refer to that in your serverclass.conf - those are matched first.
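
A sketch of the setup described in this answer, added here as an example and not taken from the original posts. The install paths, client names, server class names, app names and the deployment server address are all hypothetical.

```ini
# --- Instance 1 on the indexer host (hypothetical install path) ---
# /opt/splunk_instance1/etc/system/local/deploymentclient.conf
[deployment-client]
# Unique name for this instance; the deployment server matches on it.
clientName = idx01_instance1

[target-broker:deploymentServer]
# Hypothetical deployment server address and management port.
targetUri = ds.example.com:8089

# --- Instance 2 on the same host (hypothetical install path) ---
# /opt/splunk_instance2/etc/system/local/deploymentclient.conf
[deployment-client]
clientName = idx01_instance2

[target-broker:deploymentServer]
targetUri = ds.example.com:8089

# --- On the deployment server ---
# $SPLUNK_HOME/etc/system/local/serverclass.conf
# One server class per instance, matched on clientName rather than on
# hostname or IP, which are identical for both instances on a host.
[serverClass:indexers_instance1]
whitelist.0 = *_instance1

# App carrying the indexes.conf with the mount points for instance 1.
[serverClass:indexers_instance1:app:indexes_instance1]
restartSplunkd = true

[serverClass:indexers_instance2]
whitelist.0 = *_instance2

# App carrying the indexes.conf with the mount points for instance 2.
[serverClass:indexers_instance2:app:indexes_instance2]
restartSplunkd = true
```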

jrodman
Splunk Employee

As a footnote, I would strongly encourage setting the etc/system/local/server.conf serverName= of one of the two to be different from the other, and consider also differentiating etc/system/local/inputs.conf host= (unless you really want to make data from both systems indistinguishable).

ShaneNewman
Motivator

I have already done these things. The Universal Forwarder is part of our Linux image, so all system data comes in through that route. The server.conf files have the images set up in this fashion: serverName = host_instance. The indexers only receive data from Splunk UFs; each instance is listening on a different port, so an inputs.conf entry should not be necessary.

ShaneNewman
Motivator

That is exactly what I needed to know! Thank you for responding so quickly!
