Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How is linux cloned server Identified After clone-prep-clear-config Script is Run on Master image?

sendhil103
Engager
‎09-17-2020 11:40 AM

Hi,

We are using Amazon Linux Workspaces and we incorporated Splunk in the master image to deploy multiple workspaces from the master image. We have followed the directions in the http://docs.splunk.com/Documentation/Splunk/6.3.1/Forwarding/Makeadfpartofasystemimage doc and it works.
however, the cloned images are not reporting to splunk when we go and look at the cloned images' server.conf and inputs.conf file it contains an entry for host name which is different from its host itself. But its not at all reporting to splunk. (but splunk service is running on the newly cloned hosts).

Basically we want to incorporate splunk with Master image itself and deploy it to all. 

Thank you,
Senthil

Labels (1)
Labels
Reply

logtastic
Explorer
‎06-14-2021 10:04 AM

I have this same issue/question. How can you have the host/image itself report to Splunk?

0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎09-21-2020 05:38 AM

once you run below command on image then splunk should not start on image.

./splunk clone-prep-clear-config

if splunk services is started then it might have already created instances.cfg,server.conf and inputs.conf with the details of image server.

can you also check, if splunk GUID of Linux image is matching with UF GUID.

————————————
If this helps, give a like below.
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...