distribute outputs.conf to forwarders using deploy...

AzmathShaik · ‎07-21-2016

Hello,

i need to distribute outputs.conf file to my forwarder using deployment server.
i have set up deployment server and pointed the deployment clients. am able distribute apps to all my forwarders using deployment server. i need to distribute outputs.conf. do i need to do it in the same as i did to distribute apps or do i need to follow other way??

can any one help me in doing so???

gendalia · ‎07-27-2016

An app is a set of configuration files in this case.

On my deployment server, I created ${SPLUNK_HOME}/etc/deployment-apps/01_ISU_A_Indexers (I use numbers for ASCII ordering of apps, ISU for locally created apps, and I have two sets of indexers, so two apps, one for each set).

In ${SPLUNK_HOME}/etc/deployment-apps/01_ISU_A_Indexers/local I put outputs.conf. A reload of deployment sever is probably necessary, so "splunk reload deploy-server". Then the app is available to be pushed out via server classes.

ddrillic · ‎07-21-2016

*outputs.conf * is an interesting artifact as it's normally being shared by many apps.

yannK has an interesting idea at -

Changing UF outputs.conf using deployment server

• create an app in the deployment server in .../etc//deployment-apps//default/outputs.conf

• define a serverclass.conf on the deployment server (to match clients to apps)

• configure the forwarders to point to the deployment-server in deploymentclient.conf

Meaning, the idea of creating a global *outputs.conf *.

somesoni2 · ‎07-21-2016

You would create (recommended) separate app for outputs.conf and will distribute in the same way you distribute any other app. Do remember to set restartSplunkd=true for the serverclass containing this app.

distribute outputs.conf to forwarders using deployment server???

Advanced Splunk Data Management Strategies

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...