Getting Data In

How to add new deployment clients to a Server Class?

empi1212
New Member

Hi All,

New to this, but getting on ok. I'm just a little confused about new client PCs or Servers being added to a server class.

What we have done so far...
All running on MS server 2008 r2 or Windows 7
'Splunk Enterprise server' v6.2.2 build and set to receive, server class setup with clients added, reporting as expected from the initially added clients.

'Splunk Universal Forwarder' v6.2.4 installed and reporting as mentioned above, we are filtering the events successfully (not relevant but want to give a full picture).

My question is, when we first set up a 'server class', we were able to add all the found clients. This worked all ok. We are rolling out the 'Universal Forwarder' with SCCM and now have more clients that are being seen by the 'Splunk Enterprise Server'. When you go into 'Forwarder manager', Server Classes tab, we select our server class that we created by the name displayed. In there, you see you see the clients. If we right click on the edit button/edit clients, we can see clients that are not members (e.g. not ticked) of the server class, but there seems to be no way of adding these clients.

Can you add clients? if so how?

Many thanks for reading and you help

0 Karma

masonmorales
Influencer

When you are in the Edit Clients screen, you need to use the whitelist box to include the new hosts. Either add their IP addreses, client names, host names, or DNS names (comma-delimited, or use wildcards). Then, click the "Preview" button. You should see those clients become checked. Then, you can click Save and it'll add those clients to your server class.

dsbruce
Explorer

I also found in 6.2.2 when you edit the whitelist, the old entry disappears.
I have been keeping a list of the entries and then when it needs to be changed, I add to my list and then just copy/paste

I also really like the Filter by Machine type if you are looking for all window servers.
If you have a good cross section of OSes phoning home.
Just do "*" in the white list and select the OS types you want to include
This also works for Linux

0 Karma

empi1212
New Member

Hi Masonmorales,
Thanks for reading the question and you help...

we had tried to add to the white list but when you type in a name it looses all the other clients!

followed one of the links (thanks) and we are now using a wild card in the whitelist *

0 Karma

jkat54
SplunkTrust
SplunkTrust

You can type multiple names (or patterns) separated by commas.

example:
hostname1,hostname3,hostname5

Should put checks next to the appropriate hosts, as in the sample list below:
-hostname1
hostname2
- hostname3
hostname4
- hostname5

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...