Hello
I am scripting the install of Splunk Enterprise in my virtual env and it works great. What I would like to do now is script the install of the DMC (Distributed Management Console) to a different path, something other than /opt/splunk/, maybe something like /opt/splunkdmc/.
I know this can be done but no idea how to achieve it
Any help would be appreciated
Thanks
Todd Waller
tkwaller,
Consider using the TGZ version of Splunk rather than your platform's native package manager (e.g. RPM's on Redhat/CentOS).
Example procesure would be something like -
1) Create the directory you want, like /opt/mydirectory
2) mv splunk_package_name.tgz /opt/mydirectory
3) tar xvzf splunk_package_name.tgz
4) splunk start --accept-license
Don't forget to set ownership of the files to user "Splunk" or what ever you're planning on running Splunk as.
Since the MC comes with core Splunk, it just gets installed (if you are installing splunk in /opt/splunk, then MC will appear in /opt/splunk/etc/apps.), you just enable/configure under UI->settings->Monitoring Console.
Follow the below link to configure MC and understand the right instance to configure it.
https://docs.splunk.com/Documentation/Splunk/6.6.1/DMC/Configureindistributedmode
tkwaller,
Consider using the TGZ version of Splunk rather than your platform's native package manager (e.g. RPM's on Redhat/CentOS).
Example procesure would be something like -
1) Create the directory you want, like /opt/mydirectory
2) mv splunk_package_name.tgz /opt/mydirectory
3) tar xvzf splunk_package_name.tgz
4) splunk start --accept-license
Don't forget to set ownership of the files to user "Splunk" or what ever you're planning on running Splunk as.
You are misunderstanding completely. The MC
is a capability (app) of any Search Head. It does not require a separate install of Splunk; it just needs to be enabled by configuring it. Why are you overloading your ES? Just spin up another box and install it as a search head and point it at your indexer tier. Leave the MC
as a non-clustered Search Head all on it's own and only let admins login. The only thing that I would share on the MC
is the License Manager.
So I do understand that any search head has this app and I also know that its just enabled and configged on what you want to be the master, did it in our MASSIVE production env.
What I am WANTING to do is have it not installed at /opt/splunk/ but a different path
The license master will also be on this host as well as it being the deployment server as well, which is why I ask about paths
But why? Why would you EVER want to run a 2nd instance of splunk on the same server just to run ONE app that is already on the server? It makes no sense and will chew up a TON of duplicated resources for no reason that you have indicated or that I can guess.
"Dedicated Deployment Server and license Master - If your install grows beyond just a single Splunk instance (talking indexers & search heads here, not forwarders), set up a separate server to be a license manager & Deployment server. A VM is fine for these purposes, and can actually be a benefit to be on a VM. You can even use the tarball install to put these multiple instances on the same box/VM. Say one in /opt/splunk, one in /opt/deploymentserver, and one in /opt/licenseserver. Run them on different ports of course."
Again, to avoid confusion of future readers and stress woodcook's point:
One instance of Splunk can fulfill multiple roles!
So to have one Splunk instance act i.e. as license master, cluster master and DMC you do not have to install 3 instances! Instead you configure the necessary stuff for the 3 roles on the same instance.
There's some role Splunk tells you not to combine them (i.e. Cluster Master and Deplyoment). But generally this works like a charm while installing 3 instances on the same server is definitively a mess and 3 VMs would be unnecessary and lot of overhead (ressource- and managment-wise).