Splunk Enterprise

Any reason not to install PDF server on every Linux Search Head?

jhupka
Path Finder

We are trying to keep all of our Linux Search Heads identical to make configuration/deployment easy. Is there any reason not to install the PDF Server app on every Search Head and just have them configured to use themselves as the PDF Server? This would also allow us to utilize identical alert_actions.conf on every Search Head.

We are currently on 4.3.3 and using PDF Server for Linux 1.3.

0 Karma
1 Solution

Jason
Motivator

I see no problem with doing that. In order to keep config the same, you would likely want to point Splunk at a 127.0.0.1 address for its PDF server.

View solution in original post

Jason
Motivator

I see no problem with doing that. In order to keep config the same, you would likely want to point Splunk at a 127.0.0.1 address for its PDF server.

View solution in original post

jhupka
Path Finder

Just a bit of follow-up on this. One reason against PDF Server everywhere is the app is pretty big with a 32-bit and 64-bit version of Firefox internal to the app. So depending on your build/deploy process and how things are with Deployment Server you might not want to be pushing PDF Server out all over the place. On the other hand, it shouldn't necessarily change often so if you're using Deployment Server it won't often try and push out copies of PDF Server.

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!