Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Installing splunk on many servers

alimorton
New Member
‎12-10-2010 08:56 PM

In our environment, we have one application that uses 32 blades. On each of those 32 blades, we are looking to install splunk, and have them all configured to monitor the same directories and all forwarding data to one central repository.

Instead of manually installing and configuring splunk on each server's own filesystem, I was wondering if there is some way to use a generic install of splunk on an NFS mount that is shared between all the servers. The problem I know we'd face is that splunk does it's logging and configuration in the same directory as the installation, so this wouldn't work with 32 servers sharing the same configuration directory.

What I was wondering is if there a way to specify a separate local directory that is not at all tied in with the binaries needed to run splunk? This directory would house any local configurations and logs, which has a very small disk footprint and can just be on each server's local filesystem.

Has this been done before? How are other users installing splunk on very distributed environments?

Tags (2)
0 Karma
Reply

pl123
Path Finder
‎01-24-2011 01:05 AM

Set up a custom splunk install that points to a splunk deployment server, tar it up, untar and start on each machine, then using the deployment server push out the changes. easy as.

Reply

tedder
Communicator
‎12-11-2010 12:01 AM

It doesn't sound like you need splunk on the machines, just the splunk light forwarders. There are other ways to do this- for instance, syslog-ng is very easy to set up to tail logs, receive syslogs, etc.

Reply

tedder
Communicator
‎12-13-2010 09:06 PM

it's just an alternative. syslog-ng is easier to set up in many environments as it's more available and has been deployed in a much larger scale.

0 Karma
Reply

alimorton
New Member
‎12-13-2010 02:29 PM

You're correct that we only would need light forwarders on each box. What would be the advantage to using syslog-ng over a light forwarder?

0 Karma
Reply

ftk
Motivator
‎12-10-2010 09:06 PM

On *nix most people use puppet to deploy forwarders to a number of servers.

Check the following thread for a start: http://answers.splunk.com/questions/345/does-splunk-play-nice-with-puppet

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...