Re: distribute outputs.conf to forwarders using de...

AzmathShaik · ‎07-21-2016

Hello,

i need to distribute outputs.conf file to my forwarder using deployment server.
i have set up deployment server and pointed the deployment clients. am able distribute apps to all my forwarders using deployment server. i need to distribute outputs.conf. do i need to do it in the same as i did to distribute apps or do i need to follow other way??

can any one help me in doing so???

gendalia · ‎07-27-2016

An app is a set of configuration files in this case.

On my deployment server, I created ${SPLUNK_HOME}/etc/deployment-apps/01_ISU_A_Indexers (I use numbers for ASCII ordering of apps, ISU for locally created apps, and I have two sets of indexers, so two apps, one for each set).

In ${SPLUNK_HOME}/etc/deployment-apps/01_ISU_A_Indexers/local I put outputs.conf. A reload of deployment sever is probably necessary, so "splunk reload deploy-server". Then the app is available to be pushed out via server classes.

ddrillic · ‎07-21-2016

*outputs.conf * is an interesting artifact as it's normally being shared by many apps.

yannK has an interesting idea at -

Changing UF outputs.conf using deployment server

• create an app in the deployment server in .../etc//deployment-apps//default/outputs.conf

• define a serverclass.conf on the deployment server (to match clients to apps)

• configure the forwarders to point to the deployment-server in deploymentclient.conf

Meaning, the idea of creating a global *outputs.conf *.

somesoni2 · ‎07-21-2016

You would create (recommended) separate app for outputs.conf and will distribute in the same way you distribute any other app. Do remember to set restartSplunkd=true for the serverclass containing this app.

distribute outputs.conf to forwarders using deployment server???

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms