Getting Data In
Highlighted

Is it possible to define a custom location for universal forwarder local configurations?

Explorer

My Splunk Forwarder is installed on a share, which can be mapped to all the servers in my environment. Therefore, I am wondering if it is possible to use binaries out this common location, but have configs installed elsewhere, locally on each server. If so, I would not need to worry about deploying Splunk Forwarders to all the servers, I will be simply pushing configs as needed.

Is it possible to define a custom location for Universal Forwarder local configs (.../etc/system/local)? For example, set this as an ENV variable prior to starting the forwarder, or maybe passing-in this location as an argument, such as:

.../splunkforwarder/bin/splunk start -local-conf /my/custom/config/location/etc/system/local

And similarly for the logs location?

I realize I can probably use symlinks to achieve this. But I was wondering if Splunk supports the ability to define custom config/log paths.

0 Karma
Highlighted

Re: Is it possible to define a custom location for universal forwarder local configurations?

Splunk Employee
Splunk Employee

Hi marlog,

No, Splunk does not support a custom location for universal forwarder local configs or Splunk logs.
In fact, to push configurations (and add-ons) to multiple forwarders, you should set up a deployment server to do exactly this.
The documentation provides very detailed information and instructions about forwarder management using a deployment server:
http://docs.splunk.com/Documentation/Splunk/6.5.1/Updating/Aboutdeploymentserver

Hope this helps. Thanks!
Hunter

View solution in original post

0 Karma