Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Which instance is installed on a server?

sarnagar
Contributor
‎10-09-2016 11:45 PM

Hi Team,

Im new to the splunk team in my organisation and they have servers A , B , C, D etc. There are splunk instances installed on the server like deployer , clustermaster , deployment-server etc. From their docs I know A - Clustermaster B- Deployer C - License master D - Deployment server etc.. But How do I know find out which instance is installed on any particular server? Is there any configuration file that corresponds to what instance is installed on the server? Could you help me in differentiating these?

Reply

lukejadamec
Super Champion
‎10-10-2016 04:50 AM

FYI, Splunk Enterprise includes all of the above as part of the installation. However, the only features enabled by default are search and index. To turn on the other features you need to configure them as desired on each server (and forwarders where applicable).

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-10-2016 12:02 AM

You can find kind of Splunk servers in this way:

  • Deployment Server has in directory $SPLUNK_HOME/etc/deployment-apps all the apps to be deployed, in addition, if you go on one Forwarders, you could see in file $SPLUNK_HOME/etc/system/local/deploymentclient.conf the host name or IP address of your Deployment Server (usually with port 8089);
  • Search Heads have enabled the distributed search, in other words, if you go in [Settings -- Distributed Search -- Search Peers] you can find the Indexers name;
  • Indexers are addressed by Search Heads, in addition, if you go on one Forwarders, you could find outputs.conf file (usually in $SPLUNK_HOME/etc/system/local or in one app) and see what are the Indexers (usually with port 9997), or see if receiving is enabled [Settings -- Forward and Receiving -- Set Receiving].

I don't know if you have clusters, in these cases you could find Deployer (in Search Head Clusters) and Master Node (in Indexers Cluster).
You could find Deployer seeing if in $SPLUNK_HOME/etc/shcluster/apps there are your apps.
You can find Master Node if in $SPLUNK_HOME/etc//master-apps/_cluster/local (or default) there are your indexes.conf.

Bye.
Giuseppe

Reply

woodcock
Esteemed Legend
‎10-12-2016 07:01 AM

What makes a Deployment Server a Deployment Server is the presence of a serverclass.conf file (whether or not any Deployment Clients are pointed to it or not):

http://docs.splunk.com/Documentation/Splunk/6.5.0/Updating/Useserverclass.conf

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...