Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: How Do I Remove Device From Splunk Server Clas...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How Do I Remove Device From Splunk Server Class?
Hello everyone. I am managing Windows and Mac devices via the Splunk DMC. Because of an error I made in the Splunk Server Class whitelist policy, some of the Mac devices received the Windows Apps to forward logs to a Windows index. I have corrected the whitelist IP policy, but what's the best way to remove the Mac device from the wrong server classes since it's still showing up?
Do I just want to just log into the Mac devices and delete the wrong Apps?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you! I realized that after making the corrections, I just needed to restart the Splunk service for the deployment server and everything updated. I'm no longer seeing Mac devices in Windows server classes.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You don't need to restart the service, you can simply reload the deployment server:
/opt/splunk/bin/splunk reload deploy-server
That will cause the deployment server to reload, accepting any configuration changes.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
and apparently a hash symbol means to bold on this platform, my bad.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Once you correct the entry in serverclass,conf the Mac device should no longer be in the wrong server class.
However, once added to the correct serverclass, it will not attempt to update any apps on the Mac device that are not defined in the Mac's current serverclass.
For example, if you defined serverClass A to get App SampleApp, and the Mac was accidently part of ServerClass A it recived SampleApp from the deployment server.
You then removed the Mac from serverClass A, and put it in serverClass B. Since serverClass B is not aware of SampleApp...it will not attempt to add/remove or modify the app from the Mac when they connect as serveClass B for the first time.
What you could do, is define SampleApp for serverclass B which you use for the Macs. reload deployment server. Then remove SampleApp from serverClass B and reload the deployment server. The deployment server should remove SampleApp from the systems that fall under serverClassB
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
