Our system provisioning process installs the Splunk UniversalForwarder while the system is on a provisioning network, and then moves the system to its actual final network.
This results in two client records in the Forwarder Management web interface.
Is there a way to script out Client Deletion? I'd like to remove these duplicate client records in an automated way.
Splunk writes the info about the deployment client in serverclass.conf.
It wouldn't be trivial, but you could certainly write a script that edits serverclass.conf; it is a text file.
More info here: serverclass.conf.spec and at Create Server Classes
After editing serverclass.conf, your script should issue the command:
./splunk reload deploy-server
to have Splunk re-read the serverclass.conf file.