Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Deployment Servers

rcavallo
New Member
‎12-07-2010 09:19 PM

Folks, while the documentation for things splunklike are usually very good, it is very poor when it comes to using the deployment server feature.

What I am looking for is some help with setting up some serverclasses based upon what types of applications are installed on those servers, and I don't want to deploy applications I want to deploy configurations.

So lets say I designate one server, deploymentserver as my, you guessed it, Deployment Server. I place in splunk_home$/etc/system/local a serverclass.conf. I put a congiguration that says for all deployment clients that have alfresco, please monitor /apps/alfresco/log/alfresco.log.

Can someone provide a very simple, one dimensional example of the above for serverclass.conf? I understand there are many other nuances to it.

Then, on my server that I want to deploy this configuration to, I indicate that I am an alfresco server.

Can someone provide a very simple, one dimensional example of the above as well for my SPLUNK_HOME/etc/system/local/deploymentclient.conf file? How do I indicate in this file "I am an alfresco server"?

I will have servers that have multiple applications on them be part of multiple serverclass indicators, and indicate each application in the deplomentclient.conf

Hope someone can help here. Thanks!!

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎06-02-2015 06:26 PM

First you create an app called alfresco that contains at least inputs.conf and put it here:

$SPLUNK_HOME/etc/deployment-apps/alfresco/

Then you put something like the following into serverclass.conf:

[serverClass:alfresco)forwarder]
whitelist.0 = <alfresco_server1_hostname>
whitelist.1 = <alfresco_server2_hostname>

[serverClass:alfresco_forwarder:app:alfresco]
restartSplunkd = true
stateOnClient = enabled

See more here:
http://docs.splunk.com/Documentation/Splunk/latest/Updating/Useforwardermanagement

0 Karma
Reply

woodcock
Esteemed Legend
‎07-31-2015 08:44 AM

Did you get this working?

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...