Getting Data In

Using splunk deployment server to detect virtual containers

tevgey23
Explorer

Can Splunk deployment server detect a container ID in a virtual environment, which was created... say by openvz, and apply the inputs.conf file to that container? This is necessary since the containers keep changing.

Tags (1)
0 Karma

Damien_Dallimor
Ultra Champion

I would say no.

serverclass.conf has whitelist,machineType(deprecated) and machineTypesFilter properties to detect deployment clients.

Perhaps you could set your virtual container's IP addresses to encode the container ID, as described here , and then you can use the whitelist property to setup your serverclass stanzas based on the IP addresses.

0 Karma

tevgey23
Explorer

Currently were using a script within puppet to identify those containers, does the deployment server support such a script. I guess what I can do is pupptize the host, install the forwarder,
and then if its a container Ill add the serverclass and deployment configuration files, from there
the Splunk server can populate the inputs.conf file. Does that sound like something that would work?

0 Karma
Get Updates on the Splunk Community!

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...