Deployment Architecture

Which instance is installed on a server?

sarnagar
Contributor

Hi Team,

Im new to the splunk team in my organisation and they have servers A , B , C, D etc. There are splunk instances installed on the server like deployer , clustermaster , deployment-server etc. From their docs I know A - Clustermaster B- Deployer C - License master D - Deployment server etc.. But How do I know find out which instance is installed on any particular server? Is there any configuration file that corresponds to what instance is installed on the server? Could you help me in differentiating these?

lukejadamec
Super Champion

FYI, Splunk Enterprise includes all of the above as part of the installation. However, the only features enabled by default are search and index. To turn on the other features you need to configure them as desired on each server (and forwarders where applicable).

0 Karma

gcusello
SplunkTrust
SplunkTrust

You can find kind of Splunk servers in this way:

  • Deployment Server has in directory $SPLUNK_HOME/etc/deployment-apps all the apps to be deployed, in addition, if you go on one Forwarders, you could see in file $SPLUNK_HOME/etc/system/local/deploymentclient.conf the host name or IP address of your Deployment Server (usually with port 8089);
  • Search Heads have enabled the distributed search, in other words, if you go in [Settings -- Distributed Search -- Search Peers] you can find the Indexers name;
  • Indexers are addressed by Search Heads, in addition, if you go on one Forwarders, you could find outputs.conf file (usually in $SPLUNK_HOME/etc/system/local or in one app) and see what are the Indexers (usually with port 9997), or see if receiving is enabled [Settings -- Forward and Receiving -- Set Receiving].

I don't know if you have clusters, in these cases you could find Deployer (in Search Head Clusters) and Master Node (in Indexers Cluster).
You could find Deployer seeing if in $SPLUNK_HOME/etc/shcluster/apps there are your apps.
You can find Master Node if in $SPLUNK_HOME/etc//master-apps/_cluster/local (or default) there are your indexes.conf.

Bye.
Giuseppe

woodcock
Esteemed Legend

What makes a Deployment Server a Deployment Server is the presence of a serverclass.conf file (whether or not any Deployment Clients are pointed to it or not):

http://docs.splunk.com/Documentation/Splunk/6.5.0/Updating/Useserverclass.conf

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...