Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Introducing Splunk DS to an existing Splunk environment

varad_joshi
Communicator
‎09-15-2020 06:36 AM

We have an existing environment with 100+ servers sending data to IDX. We never had a DS before and now we want to introduce DS so that it's easier to manage the client. 

What are the things I consider before I start planning? Which config files I should be worried about getting overwritten when I add the existing UF as client to my DS.

 

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-15-2020 07:56 AM

Hi @varad_joshi,

I have two main hints before starting this job:

1) make a very accurate planning of your Serverclasses:

  • in other words, create in Excel (or something similar) a list of you servers, listing the TAs (Technical Add-Ons) to deploy in each one;
  • then think to the serverClasses to implement: a ServerClass is a table that make an association between a group of server (with the same TA to deploy) and the TAs to deploy.

This operation is very very important to avoid to have too many ServerClasses and heavy management..

Remember that the apps non listed in ServerClasses will be deleted from the servers!

2) create at least one TA (called e.g. TA_Forwarders) that contain only three files:

  • apps.conf (describing the app)
  • outputs.conf (containing the addressing of the indexers to send data);
  • deploymentclient.conf (contaioning the address of the Deployment Server).

the number of TA_Forwarders depends on your architecture: you need at least one TA, but you could have more of them if you have Heavy Forwarders as concentrators.

If possible, delete (e.g. using a script) the actual outputs.conf.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...