All,
I'm working on converting my environment over to using the Deployment Server and for the most part I have it all figured out but I'm running into a problem when pushing multiple configurations out to different forwarders for the same app.
For example, my Windows servers will all get the Splunk_TA_windows app installed but some servers collect different sets of logs than the rest so I need to deploy different configs. Some will collect only the Security logs, some will collect only the Application logs, some will collect only DNS, etc. When I started testing I was renaming the app on the Deployment server (Splunk_TA-windows_DNS, Splunk_TA-windows_Security, Splunk_TA-windows_Applications, etc.) This works but seems kind of messy and I was wondering what others are doing to better manage this? I do not see a way to have the same base app directory and push different configs from within it.
Any suggestions?
... View more