Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Updating Remote Forwarders

kholleran
Communicator
‎02-03-2011 02:32 PM

Hello,

I have about 80 remote forwarders that forward back to a central Splunk server. I was wondering if anyone had come up with a solution to updating these remote forwarders. My desired functionality would be to be able to have the forwarder check a repository for the following:

  • latest version of Splunk. If the version in the repository is newer, upgrade.
  • check props.conf & transforms.conf. These differ slightly among the forwarders so I would have to be able to point to sub-types for the machines.
  • check inputs.conf & update if newer. However, in inputs.conf there is a hostname field that is different on every machine so this would have to be left alone.

I was starting to write something to accomplish this but it seems like this would be a common need so I was wondering if anyone had implemented something similar.

Thanks for your help.

Kevin

Reply

mbenitezr
Explorer
‎07-08-2015 10:54 AM

Hi.

i know this is a old topic, but i want to now, do you found a good solution?

thanks.

0 Karma
Reply

msettipane
Splunk Employee
Splunk Employee
‎02-04-2011 09:15 PM

Have you considered using Puppet or Chef?

Reply

kholleran
Communicator
‎02-03-2011 06:23 PM

Thanks for the link and suggestions.

I ran into a bunch of issues with deployment server where it showed it was contacting the server but never actually pulled anything down, so I was planning to replace that with something else while also including the splunk installer. All boxes in a group are the same, all are Windows. I would want something that allowed it to install automatically after it was triggered by an admin.

0 Karma
Reply

Lowell
Super Champion
‎02-03-2011 03:10 PM

Heres's a related idea: http://answers.splunk.com/questions/2567/need-deployment-server-to-assign-hostnames-dynamically-via-...

Reply

Lowell
Super Champion
‎02-03-2011 03:06 PM

Great question. I use the deployment server for keeping all the .conf files updated, and I have a custom per-server app for a number of my boxes with unique inputs settings. But, that's only half of your request. We have a much small number of forwards, so for now I'm doing all of that by hand. It would be possible to deploy a custom app with a "scripted input" script that downloads and installs the latest version (when needed), but there are tons of potential problems with that kind of approach; such as permissions, and failed/partial upgrades, in-use files, 32 vs 64 bit, tar/rpm/deb?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

What Is Splunk? Here’s What You Can Do with Splunk

Hey Splunk Community, we know you know Splunk. You likely leverage its unparalleled ability to ingest, index, ...

Level Up Your .conf25: Splunk Arcade Comes to Boston

With .conf25 right around the corner in Boston, there’s a lot to look forward to — inspiring keynotes, ...

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Although it might seem daunting, as we’ve seen in this series, manual instrumentation can be straightforward ...