- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Splunk Deployment Servers
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk Deployment Servers
Folks, while the documentation for things splunklike are usually very good, it is very poor when it comes to using the deployment server feature.
What I am looking for is some help with setting up some serverclasses based upon what types of applications are installed on those servers, and I don't want to deploy applications I want to deploy configurations.
So lets say I designate one server, deploymentserver as my, you guessed it, Deployment Server. I place in splunk_home$/etc/system/local a serverclass.conf. I put a congiguration that says for all deployment clients that have alfresco, please monitor /apps/alfresco/log/alfresco.log.
Can someone provide a very simple, one dimensional example of the above for serverclass.conf? I understand there are many other nuances to it.
Then, on my server that I want to deploy this configuration to, I indicate that I am an alfresco server.
Can someone provide a very simple, one dimensional example of the above as well for my SPLUNK_HOME/etc/system/local/deploymentclient.conf file? How do I indicate in this file "I am an alfresco server"?
I will have servers that have multiple applications on them be part of multiple serverclass indicators, and indicate each application in the deplomentclient.conf
Hope someone can help here. Thanks!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
First you create an app called alfresco that contains at least inputs.conf and put it here:
$SPLUNK_HOME/etc/deployment-apps/alfresco/
Then you put something like the following into serverclass.conf:
[serverClass:alfresco)forwarder]
whitelist.0 = <alfresco_server1_hostname>
whitelist.1 = <alfresco_server2_hostname>
[serverClass:alfresco_forwarder:app:alfresco]
restartSplunkd = true
stateOnClient = enabled
See more here:
http://docs.splunk.com/Documentation/Splunk/latest/Updating/Useforwardermanagement
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you get this working?
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
