Deployment Architecture

Which instance is installed on a server?

sarnagar
Contributor

Hi Team,

I'm new to the Splunk team in my organisation and they have servers A, B, C, D etc. There are Splunk instances installed on the servers, like deployer, cluster master, deployment server etc. From their docs I know A - Cluster master, B - Deployer, C - License master, D - Deployment server etc. But how do I find out which instance is installed on any particular server? Is there any configuration file that corresponds to what instance is installed on the server? Could you help me in differentiating these?

lukejadamec
Super Champion

FYI, Splunk Enterprise includes all of the above as part of the installation. However, the only features enabled by default are search and index. To turn on the other features you need to configure them as desired on each server (and forwarders where applicable).

0 Karma

gcusello
SplunkTrust

You can find the kind of Splunk server in this way:

  • Deployment Server has in the directory $SPLUNK_HOME/etc/deployment-apps all the apps to be deployed; in addition, if you go on one of the Forwarders, you can see in the file $SPLUNK_HOME/etc/system/local/deploymentclient.conf the host name or IP address of your Deployment Server (usually with port 8089);
  • Search Heads have distributed search enabled; in other words, if you go to [Settings -- Distributed Search -- Search Peers] you can find the Indexers' names;
  • Indexers are addressed by Search Heads; in addition, if you go on one of the Forwarders, you can find the outputs.conf file (usually in $SPLUNK_HOME/etc/system/local or in one app) and see what the Indexers are (usually with port 9997), or see if receiving is enabled [Settings -- Forwarding and Receiving -- Set Receiving].

I don't know if you have clusters; in that case you could find a Deployer (in Search Head Clusters) and a Master Node (in Indexer Clusters).
You can find the Deployer by checking whether your apps are in $SPLUNK_HOME/etc/shcluster/apps.
You can find the Master Node if your indexes.conf is in $SPLUNK_HOME/etc/master-apps/_cluster/local (or default).

Bye.
Giuseppe

woodcock
Esteemed Legend

What makes a Deployment Server a Deployment Server is the presence of a serverclass.conf file (whether or not any Deployment Clients are pointed to it):

http://docs.splunk.com/Documentation/Splunk/6.5.0/Updating/Useserverclass.conf

0 Karma
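The file and directory checks from the answers above, collected into one script. This is an added example, not part of any post and not Splunk's own tooling; the function names and output labels are made up for illustration, and it tests only for the paths the answers mention.

```shell
#!/bin/sh
# Added example: role hints for a Splunk installation, based only on the
# files and directories named in the answers above. A hint is evidence,
# not proof; confirm against the running configuration.

# True when directory $1 contains at least one subdirectory (apps are
# directories, so a stray README file does not count).
has_app_dirs() {
    for d in "$1"/*/; do
        [ -d "$d" ] && return 0
    done
    return 1
}

# Print one "role: reason" line per indicator found under $1
# (defaults to $SPLUNK_HOME). Returns 1 if $1/etc is missing.
splunk_role_hints() {
    home="${1:-${SPLUNK_HOME:-}}"
    [ -d "$home/etc" ] || return 1
    etc="$home/etc"

    if has_app_dirs "$etc/deployment-apps"; then
        echo "deployment-server: apps staged in etc/deployment-apps"
    fi
    # serverclass.conf in system/local or in an app's local directory.
    sc=$(find "$etc/system/local" "$etc/apps" -path '*/local/serverclass.conf' 2>/dev/null | head -n 1)
    if [ -n "$sc" ]; then
        rel=${sc#"$home"/}
        echo "deployment-server: $rel"
    fi
    if has_app_dirs "$etc/shcluster/apps"; then
        echo "deployer: apps staged in etc/shcluster/apps"
    fi
    for sub in local default; do
        if [ -f "$etc/master-apps/_cluster/$sub/indexes.conf" ]; then
            echo "master-node: indexes.conf in etc/master-apps/_cluster/$sub"
        fi
    done
    # On a forwarder these files name the servers it talks to.
    [ -f "$etc/system/local/deploymentclient.conf" ] && echo "deployment-client: etc/system/local/deploymentclient.conf"
    [ -f "$etc/system/local/outputs.conf" ] && echo "forwards-to-indexers: etc/system/local/outputs.conf"
    return 0
}

# Run against the local installation when SPLUNK_HOME is set.
if [ -n "${SPLUNK_HOME:-}" ]; then
    splunk_role_hints "$SPLUNK_HOME" || echo "no etc directory under $SPLUNK_HOME" >&2
fi
```

Run it on each of the servers in turn and compare the output with the team's documentation; a server that prints nothing has none of the indicators the answers describe.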