we use microsoft sms in our environment.. with sms, we maintain collections which are basically SQL queries that result in a list of host names to target deployments to.
Building on that construct, a student of ours wrote a executable that updates host whitelist or blacklist entries in serverclasses within a specified serverclass.conf file. For his program to work, we have to define in an xml file connection strings for referenced sql servers, serverclass names, and sql-queries resulting in host names to whitelist or blacklist for each serverclass. With that defined, each time we run the executable against a serverclass.conf, the host names are updated and his program handles all the auto-incrementation of whitelist/blacklist instances numbers. It's nifty.
To achieve the same thing natively within splunk, it would be nice if deployment-servers supported reference to a saved report or lookup table on search head as basis for whitelist or blacklist entries for a given serverclass.
... View more