Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you ensure a deployment client's .conf files are running with new changes?

russell120
Communicator
‎02-26-2019 10:19 AM

Hi,

If I use push an update (.conf files) to deployment clients using my deployment server, how do I ensure those clients are running properly using those new .conf file changes? Do I have to manually rebuild the forwarder asset table? Restart splunkd on those clients? Something else?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

tiagofbmm
Influencer
‎02-26-2019 10:24 AM

If you want to make sure the apps in the client are the same as the ones in the Deployment Server, you can check the serverclass.xml file under /opt/splunk/var/run.

There you'll see the last time the client got a push a what is the hash of the app. If for instance you changed something in an app on the Deployment Server, just run /opt/splunk/bin/splunk reload deploy-server and the hashes of each app are recomputed and the match of client and server hashes per app is done again, pushing it when there is a mismatch.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

tiagofbmm
Influencer
‎02-26-2019 10:24 AM

If you want to make sure the apps in the client are the same as the ones in the Deployment Server, you can check the serverclass.xml file under /opt/splunk/var/run.

There you'll see the last time the client got a push a what is the hash of the app. If for instance you changed something in an app on the Deployment Server, just run /opt/splunk/bin/splunk reload deploy-server and the hashes of each app are recomputed and the match of client and server hashes per app is done again, pushing it when there is a mismatch.

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...