Hi,
My environment contains central splunk server installed on Suse server. It collects the logs from universal forwarders from windows servers. I want to use deployment server on suse server and push my configurations to all the windows servers. Is this possible. Or only windows splunk server can push the configurations to windows forwarders.
Regards
Harry
It is absolutely possible. We use one deployment server on CentOS, to deploy to both Linux and Windows servers. Apps are, when all is said and done, just aggregations of text files. As for your issue of permissions, that is a matter for the individual Splunk instances on the target servers. The source of the deployment will have very little to do with it. The permissions are inherited from the Splunk process receiving the configuration. If the Splunk process is running as a different UID from the original installer, it's going to have permission issues.
Thanks for the response. What I am seeing is as follows:
Deploy server=Windows 2008R2
Heavy Forwarder=Debian.
When I deploy the Splunk on Splunk app from the Windows box to Linux, the Python scripts do not retain their execute flag.
I installed heavy forwarder as root. Splunkd is running as root. I can chmod the files after deployment. I have seen others that have tried to do this with scripts, but the posts were a couple of years old.
What you state about the process having the rights makes me wonder what I might be missing.
Can you elaborate on the rights that the process needs?
Doesn't matter - Linux deployment server should work just fine with any client regardless of OS.
WIll the apps that are deployed from the Linux server have the proper file rights in the Windows environments? Going the other way (from Windows to Linux) creates file rights issues with the scripts in the deployed apps on the Linux forwarders. I am thinking of replacing the Windows deployment server with Linux if this will solve the issue. Can you confirm this?