Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

distribute outputs.conf to forwarders using deployment server???

AzmathShaik
Path Finder
‎07-21-2016 08:14 AM

Hello,

i need to distribute outputs.conf file to my forwarder using deployment server.
i have set up deployment server and pointed the deployment clients. am able distribute apps to all my forwarders using deployment server. i need to distribute outputs.conf. do i need to do it in the same as i did to distribute apps or do i need to follow other way??

can any one help me in doing so???

0 Karma
Reply

gendalia
Engager
‎07-27-2016 02:22 PM

An app is a set of configuration files in this case.

On my deployment server, I created ${SPLUNK_HOME}/etc/deployment-apps/01_ISU_A_Indexers (I use numbers for ASCII ordering of apps, ISU for locally created apps, and I have two sets of indexers, so two apps, one for each set).

In ${SPLUNK_HOME}/etc/deployment-apps/01_ISU_A_Indexers/local I put outputs.conf. A reload of deployment sever is probably necessary, so "splunk reload deploy-server". Then the app is available to be pushed out via server classes.

0 Karma
Reply

ddrillic
Ultra Champion
‎07-21-2016 10:20 AM

*outputs.conf * is an interesting artifact as it's normally being shared by many apps.

yannK has an interesting idea at -

Changing UF outputs.conf using deployment server

• create an app in the deployment server in .../etc//deployment-apps//default/outputs.conf

• define a serverclass.conf on the deployment server (to match clients to apps)

• configure the forwarders to point to the deployment-server in deploymentclient.conf

Meaning, the idea of creating a global *outputs.conf *.

0 Karma
Reply

somesoni2
Revered Legend
‎07-21-2016 10:01 AM

You would create (recommended) separate app for outputs.conf and will distribute in the same way you distribute any other app. Do remember to set restartSplunkd=true for the serverclass containing this app.

Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...