Deployment Architecture

distribute outputs.conf to forwarders using deployment server???

Path Finder


i need to distribute outputs.conf file to my forwarder using deployment server.
i have set up deployment server and pointed the deployment clients. am able distribute apps to all my forwarders using deployment server. i need to distribute outputs.conf. do i need to do it in the same as i did to distribute apps or do i need to follow other way??

can any one help me in doing so???

0 Karma


An app is a set of configuration files in this case.

On my deployment server, I created ${SPLUNK_HOME}/etc/deployment-apps/01_ISU_A_Indexers (I use numbers for ASCII ordering of apps, ISU for locally created apps, and I have two sets of indexers, so two apps, one for each set).

In ${SPLUNK_HOME}/etc/deployment-apps/01_ISU_A_Indexers/local I put outputs.conf. A reload of deployment sever is probably necessary, so "splunk reload deploy-server". Then the app is available to be pushed out via server classes.

0 Karma

Ultra Champion

*outputs.conf * is an interesting artifact as it's normally being shared by many apps.

yannK has an interesting idea at -

Changing UF outputs.conf using deployment server

• create an app in the deployment server in .../etc//deployment-apps//default/outputs.conf

• define a serverclass.conf on the deployment server (to match clients to apps)

• configure the forwarders to point to the deployment-server in deploymentclient.conf

Meaning, the idea of creating a global *outputs.conf *.

0 Karma

Revered Legend

You would create (recommended) separate app for outputs.conf and will distribute in the same way you distribute any other app. Do remember to set restartSplunkd=true for the serverclass containing this app.

Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...