How is linux cloned server Identified After clone-...

sendhil103 · ‎09-17-2020

Hi,

We are using Amazon Linux Workspaces and we incorporated Splunk in the master image to deploy multiple workspaces from the master image. We have followed the directions in the http://docs.splunk.com/Documentation/Splunk/6.3.1/Forwarding/Makeadfpartofasystemimage doc and it works.
however, the cloned images are not reporting to splunk when we go and look at the cloned images' server.conf and inputs.conf file it contains an entry for host name which is different from its host itself. But its not at all reporting to splunk. (but splunk service is running on the newly cloned hosts).

Basically we want to incorporate splunk with Master image itself and deploy it to all.

Thank you,
Senthil

logtastic · ‎06-14-2021

I have this same issue/question. How can you have the host/image itself report to Splunk?

thambisetty · ‎09-21-2020

once you run below command on image then splunk should not start on image.

./splunk clone-prep-clear-config

if splunk services is started then it might have already created instances.cfg,server.conf and inputs.conf with the details of image server.

can you also check, if splunk GUID of Linux image is matching with UF GUID.

————————————
If this helps, give a like below.

How is linux cloned server Identified After clone-prep-clear-config Script is Run on Master image?

report acceleration

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!