Splunk Enterprise

Any reason not to install PDF server on every Linux Search Head?

jhupka
Path Finder

We are trying to keep all of our Linux Search Heads identical to make configuration/deployment easy. Is there any reason not to install the PDF Server app on every Search Head and just have them configured to use themselves as the PDF Server? This would also allow us to utilize identical alert_actions.conf on every Search Head.

We are currently on 4.3.3 and using PDF Server for Linux 1.3.

0 Karma
1 Solution

Jason
Motivator

I see no problem with doing that. In order to keep config the same, you would likely want to point Splunk at a 127.0.0.1 address for its PDF server.

View solution in original post

Jason
Motivator

I see no problem with doing that. In order to keep config the same, you would likely want to point Splunk at a 127.0.0.1 address for its PDF server.

jhupka
Path Finder

Just a bit of follow-up on this. One reason against PDF Server everywhere is the app is pretty big with a 32-bit and 64-bit version of Firefox internal to the app. So depending on your build/deploy process and how things are with Deployment Server you might not want to be pushing PDF Server out all over the place. On the other hand, it shouldn't necessarily change often so if you're using Deployment Server it won't often try and push out copies of PDF Server.

Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...