Getting Data In

Is it possible to create a deployment package of universal forwarder with complete configuration?

sathyajith_tekd
Engager

Hello,

Is it possible to create a package of Splunk universal forwarder with the complete configuration so that I can deploy through SCCM since I have more than 150 windows servers?

0 Karma

FrankVl
Ultra Champion

Have a look at the UF documentation, which has a chapter on how to do installs like that: http://docs.splunk.com/Documentation/Forwarder/7.0.2/Forwarder/InstallaWindowsuniversalforwarderremo...

Post back here if that still leaves any specific questions!

0 Karma

tiagofbmm
Influencer

Yes it is possible and recommended for coherency between your forwarders.

One of the most important configurations, the deploymentclient.conf that allows to later control everything from the deployment server.

Put that in an app org_all_deploymentclient with deploymentclient.conf in the /local directory and your're good to go.

All subsequent actions can be done through Deployment Server

0 Karma

sathyajith_tekd
Engager

Once I install the forwarder then only i can use deployment server to install apps and config right.For 70 server how is it possible to deploy universal forwarder.Is it any way to create fully configured package.

0 Karma

tiagofbmm
Influencer

Can you use an Ansible Playbook with the Splunk Installation and a copy of the app to all the servers?

Have you got any mass deployment tool?

0 Karma

sathyajith_tekd
Engager

I have an System Center Configuration Manager (SCCM)

0 Karma

tiagofbmm
Influencer

Well then for each server, put the installer in each machine, untar it, start splunk, copy the app that contains the deploymentclient.conf, restart splunk and you're done.

Any further doubts about it?

0 Karma

tiagofbmm
Influencer

Please let me know if the answer was useful for you. If it was, accept it and upvote. If not, give us more input so we can help you with that

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...