Deployment Architecture

Can a deployment client subscribe to an app?

echalex
Builder

Hi,

We are using the deployment server to distribute configuration to universal forwarders. Since we are using chef to install the forwarders, it would be very good if we could add the forwarder to a serverclass from the forwarder host itself, rather than doing this at the deployment server.

Any suggestions on doing this? Preferably, it should be scriptable. By that I mean either a CLI command to run on the forwarder, or some way to do it through the REST API.

0 Karma
1 Solution

yannK
Splunk Employee

There is a way to achieve this.
The deploymentclient.conf on the client has a parameter clientName that can be used to replace the IP and hostname used to match the whitelist/blacklist in the server's serverclass.conf.

see http://docs.splunk.com/Documentation/Splunk/4.3.4/admin/Serverclassconf
and http://docs.splunk.com/Documentation/Splunk/4.3.4/admin/Deploymentclientconf

You could define your classes with roles, for example, and use chef to populate the clientName with a concatenation of the classes and hostname.

example :

[deployment-client]
clientName=myhostname-roleA-roleB

and on the serverclass

# serverclass.conf on the deployment server
[serverClass:myclassA]
whitelist.0=*roleA*

[serverClass:myclassB]
whitelist.0=*roleB*
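
An added example, not part of the thread or of Splunk's code: a Ruby helper of the kind a chef recipe could call to build the clientName described above, plus a check for role names whose `*role*` pattern would also match another role or a hostname. Role and host names are constructed, the allowed character set is this example's own assumption, and Ruby's File.fnmatch stands in for the deployment server's wildcard matching.

```ruby
# Added example; helper names, roles and hosts are hypothetical.
# Assumption: File.fnmatch approximates the whitelist wildcard matching.

# Conservative role-name charset chosen for this example (no '-' or '*').
SAFE_ROLE = /\A[A-Za-z0-9_]+\z/

# Build the clientName as the answer suggests: hostname, then the roles.
def client_name(hostname, roles)
  bad = roles.reject { |r| r.match?(SAFE_ROLE) }
  raise ArgumentError, "unsafe role name(s): #{bad.join(', ')}" unless bad.empty?
  ([hostname] + roles).join('-')
end

# Render the [deployment-client] stanza for deploymentclient.conf.
def deploymentclient_conf(hostname, roles)
  "[deployment-client]\nclientName=#{client_name(hostname, roles)}\n"
end

# Names of the server classes whose whitelist pattern matches a clientName.
def matching_classes(name, whitelists)
  whitelists.select { |_cls, pattern| File.fnmatch(pattern, name) }.keys
end

# Pairs [role, other] where "*role*" would also match a different role
# or a hostname, so a host would join a class it was never assigned.
def overmatches(roles, hostnames)
  roles.flat_map do |role|
    others = (roles - [role]) + hostnames
    others.select { |o| o.include?(role) }.map { |o| [role, o] }
  end
end

if __FILE__ == $PROGRAM_NAME
  whitelists = { 'myclassA' => '*roleA*', 'myclassB' => '*roleB*' }
  name = client_name('myhostname', %w[roleA roleB])
  puts deploymentclient_conf('myhostname', %w[roleA roleB])
  puts "#{name} -> #{matching_classes(name, whitelists).join(', ')}"
  overmatches(%w[web webadmin db], ['db01']).each do |role, other|
    puts "warning: *#{role}* also matches #{other}"
  end
end
```

The clientName is set by the forwarder itself, so these whitelists sort clients into classes but do not control which host may claim a role.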


echalex
Builder

Yes, that's what I want, more or less. I guess the clientName solution is the closest thing, but it does require some preparation. OTOH, it is a sane approach which provides a kind of "menu" of distributable apps.

Do you know if there are any restrictions on length and characters contained?

0 Karma

yannK
Splunk Employee

So you want to remotely edit the serverclass.conf on the deployment server to add a whitelist item?
I am not sure that there is a REST API for it.

0 Karma

echalex
Builder

Thanks, but that doesn't really do what I want. (I know about clientName).

This solution requires the whitelists to be configured beforehand on the deployment server.

0 Karma