Getting Data In

How to use a deployment server on a Unix server with Windows clients

dhs_harry08
Path Finder

Hi,

My environment contains a central Splunk server installed on a SUSE server. It collects the logs from universal forwarders on Windows servers. I want to use a deployment server on the SUSE server and push my configurations to all the Windows servers. Is this possible? Or can only a Windows Splunk server push the configurations to Windows forwarders?

Regards
Harry

0 Karma

grijhwani
Motivator

It is absolutely possible. We use one deployment server on CentOS, to deploy to both Linux and Windows servers. Apps are, when all is said and done, just aggregations of text files. As for your issue of permissions, that is a matter for the individual Splunk instances on the target servers. The source of the deployment will have very little to do with it. The permissions are inherited from the Splunk process receiving the configuration. If the Splunk process is running as a different UID from the original installer, it's going to have permission issues.

0 Karma

bkcarter
Path Finder

Thanks for the response. What I am seeing is as follows:

Deploy server=Windows 2008R2
Heavy Forwarder=Debian.

When I deploy the Splunk on Splunk app from the Windows box to Linux, the Python scripts do not retain their execute flag.

I installed heavy forwarder as root. Splunkd is running as root. I can chmod the files after deployment. I have seen others that have tried to do this with scripts, but the posts were a couple of years old.

What you state about the process having the rights makes me wonder what I might be missing.
Can you elaborate on the rights that the process needs?

0 Karma

Ayn
Legend

Doesn't matter - Linux deployment server should work just fine with any client regardless of OS.

bkcarter
Path Finder

Will the apps that are deployed from the Linux server have the proper file rights in the Windows environments? Going the other way (from Windows to Linux) creates file rights issues with the scripts in the deployed apps on the Linux forwarders. I am thinking of replacing the Windows deployment server with Linux if this will solve the issue. Can you confirm this?

0 Karma
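The post-deployment chmod workaround mentioned in this thread, sketched as an added example (not code from any poster or from Splunk). It assumes apps land under `$SPLUNK_HOME/etc/apps/<app>/bin` on the Linux forwarder; the function names, the sample app, and the rule for what counts as a script (`.py`/`.sh` name or a shebang) are choices made for this example.

```shell
#!/bin/sh
# Added example: restore the owner execute bit on scripts in deployed apps.
# Assumption: APPS_DIR is the forwarder's apps directory, e.g. $SPLUNK_HOME/etc/apps.

# fix_exec_bits APPS_DIR [--dry-run]
# Prints one line per script it fixes (or would fix in dry-run mode).
fix_exec_bits() {
    apps_dir=${1%/}
    mode=${2:-apply}
    if [ ! -d "$apps_dir" ]; then
        echo "no such directory: $apps_dir" >&2
        return 2
    fi
    # Regular files under <app>/bin that lack owner-exec. World-writable
    # files are skipped so they can be reviewed by hand instead.
    find "$apps_dir" -type f -path "$apps_dir/*/bin/*" \
         ! -perm -0100 ! -perm -0002 |
    while IFS= read -r f; do
        is_script=no
        case $f in
            *.py|*.sh) is_script=yes ;;
            *) if [ "$(head -c 2 "$f" | tr -d '\0')" = '#!' ]; then
                   is_script=yes
               fi ;;
        esac
        if [ "$is_script" = yes ]; then
            if [ "$mode" = "--dry-run" ]; then
                echo "would fix: $f"
            else
                chmod u+x "$f" && echo "fixed: $f"
            fi
        fi
    done
}

# Constructed sample tree standing in for an apps directory
# (hypothetical app and file names); prints the path of the new tree.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/sample_app/bin" "$root/sample_app/default"
    printf '#!/usr/bin/env python\nprint("ok")\n' > "$root/sample_app/bin/collect.py"
    printf '#!/bin/sh\necho ok\n' > "$root/sample_app/bin/wrapper"
    printf 'notes\n' > "$root/sample_app/bin/README"
    printf '[default]\n' > "$root/sample_app/default/inputs.conf"
    chmod 644 "$root"/sample_app/bin/* "$root/sample_app/default/inputs.conf"
    echo "$root"
}
```

Running it with `--dry-run` first shows which files would change; a second run after fixing prints nothing.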