Splunk Enterprise

Any reason not to install PDF server on every Linux Search Head?

jhupka
Path Finder

We are trying to keep all of our Linux Search Heads identical to make configuration/deployment easy. Is there any reason not to install the PDF Server app on every Search Head and just have them configured to use themselves as the PDF Server? This would also allow us to utilize identical alert_actions.conf on every Search Head.

We are currently on 4.3.3 and using PDF Server for Linux 1.3.

0 Karma
1 Solution

Jason
Motivator

I see no problem with doing that. In order to keep config the same, you would likely want to point Splunk at a 127.0.0.1 address for its PDF server.

View solution in original post

Jason
Motivator

I see no problem with doing that. In order to keep config the same, you would likely want to point Splunk at a 127.0.0.1 address for its PDF server.

jhupka
Path Finder

Just a bit of follow-up on this. One reason against PDF Server everywhere is the app is pretty big with a 32-bit and 64-bit version of Firefox internal to the app. So depending on your build/deploy process and how things are with Deployment Server you might not want to be pushing PDF Server out all over the place. On the other hand, it shouldn't necessarily change often so if you're using Deployment Server it won't often try and push out copies of PDF Server.

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...