
Independent PDF Server pros and cons?

Lowell
Super Champion

Has anyone thought through the pros/cons of setting up an external (independent) PDF server vs running the PDF server right on your primary Splunk instance?

We have a very straightforward Splunk infrastructure: There are multiple Splunk forwarders all sending events to a central Splunk indexer. All searching is done directly against this central indexer.

I'm about to upgrade to Splunk 4.1 and I'm trying to decide whether it's better to run the PDF server on its own instance (which will probably be on a virtual machine), or stick the PDF server directly on the central indexer. The central indexer is running Linux, although none of the X libraries have been installed yet.

I'm looking for pros and cons related to stability, configuration complexity, performance, maintenance, gotchas, ...


Simeon
Splunk Employee

For your scenario, I would install the dependencies on the Splunk system and run the PDF server from that machine. Centralizing the management of Splunk will make your life much easier, especially when troubleshooting a problem with the PDF server. For the most part, the PDF server is just a Firefox binary, which is pretty low overhead and only gets launched when you create the PDF.

Pros for running PDF server independently:

  • lower resource utilization
  • Firefox and dependencies might already reside on a system

Cons for running PDF server independently:

  • need to manage network connectivity (firewalls and network changes?)
  • additional system to maintain
  • configuration is decentralized

Lowell
Super Champion

Could you clarify what all configurations need to be synchronized? I was under the impression that the PDF server is in many ways like any other search user, in that, as long as it can connect to the Splunk web interface (port 8000), then it can render the page and produce a PDF, and return it to the caller. It makes sense that you have to get the PDF server connectivity settings correct, but you shouldn't have to sync eventtypes/tags/views/savedsearches/... because none of that is running on the PDF server, that's all done on the search head, right?
