Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

distribute outputs.conf to forwarders using deployment server???

AzmathShaik
Path Finder
‎07-21-2016 08:14 AM

Hello,

i need to distribute outputs.conf file to my forwarder using deployment server.
i have set up deployment server and pointed the deployment clients. am able distribute apps to all my forwarders using deployment server. i need to distribute outputs.conf. do i need to do it in the same as i did to distribute apps or do i need to follow other way??

can any one help me in doing so???

0 Karma
Reply

gendalia
Engager
‎07-27-2016 02:22 PM

An app is a set of configuration files in this case.

On my deployment server, I created ${SPLUNK_HOME}/etc/deployment-apps/01_ISU_A_Indexers (I use numbers for ASCII ordering of apps, ISU for locally created apps, and I have two sets of indexers, so two apps, one for each set).

In ${SPLUNK_HOME}/etc/deployment-apps/01_ISU_A_Indexers/local I put outputs.conf. A reload of deployment sever is probably necessary, so "splunk reload deploy-server". Then the app is available to be pushed out via server classes.

0 Karma
Reply

ddrillic
Ultra Champion
‎07-21-2016 10:20 AM

*outputs.conf * is an interesting artifact as it's normally being shared by many apps.

yannK has an interesting idea at -

Changing UF outputs.conf using deployment server

• create an app in the deployment server in .../etc//deployment-apps//default/outputs.conf

• define a serverclass.conf on the deployment server (to match clients to apps)

• configure the forwarders to point to the deployment-server in deploymentclient.conf

Meaning, the idea of creating a global *outputs.conf *.

0 Karma
Reply

somesoni2
Revered Legend
‎07-21-2016 10:01 AM

You would create (recommended) separate app for outputs.conf and will distribute in the same way you distribute any other app. Do remember to set restartSplunkd=true for the serverclass containing this app.

Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top