Wednesday, December 11, 2024
Latest:
NETWORK ADMINISTRATIONSwindows dns serverWindows server

Detail Discussion on Deployment Server Configuration

In this video I have discussed about how to configure deployment server in details.
The deployment server is the tool for distributing configurations, apps, and content updates to groups of Splunk Enterprise instances. You can use it to distribute updates to most types of Splunk Enterprise components: forwarders, non-clustered indexers, and search heads.

Configs used in this video can be downloaded from the below repo,
https://github.com/siddharthajuprod07/youtube/tree/master/deployment_server

source

by Splunk & Machine Learning

windows server dns forwarder

You May Also Like

Windows XP Professional x64 Edition ENWindows Server 2003 R2 Enterprise Edition SP2 Mon VirtualBOX

Alice AUSTIN

Upload PHP Backdoor on a Windows IIS 10 Server – OSCP

OSIGlobal: Patrowl Installation Hands on session

45 thoughts on “Detail Discussion on Deployment Server Configuration

  • Hello, I'm following your example on setting up the deployer, my question is when you setup your default directory for the fwd_to_receiver , if you're running a cluster index, do I list all three ip addresses for there server?

  • Sir

    Here the logs are coming to main index (index=main) if we would like to receive the logs on different index which is created newly for these two hosts

  • Thanks for your video. it's helping me a lot .
    I have followed the process, and have 1 issue. post creation of deployment client.conf file and restart. It should automatically connect with DS , under forwarder management –> client tab, but its not working for me. in any of the UF,HF, or windows. is there any access issue or anything else? please advice

  • I am getting the below warning when i try to poll the forwarder to deployment server
    Server Certificate Hostname Validation is disabled. Please see server.conf/[sslConfig]/cliVerifyServerName for details.

  • HI Sid,
    I have to create a syslog data input using TCP port to 5 heavy forwarder. How can i do it from deployment server? Can you please help

  • Thank you for these videos – very informative and helpful!

    Got one question if you don't mind – what is the difference in between the "local" folder and "default" folder when we need to put a .conf file in to an app?😀

  • Hello Sir, I am huge fan of your. Please create all the same play list in Hindi. That would be a game change for millions of students. Thank you

  • Thank You for very specific and "user firendly" explanation of such a complex topic. Learning with Your videos is really enjoyable.

  • Thank you my friend… you are doing good service to the techies.. and that too on hot product like Splunk…. Expecting more support .. thank you .

  • i have a distrubuted environment with a cluster master for my indexers. can i deploy all my apps to the cluster master from the deployement server?

  • #Question

    Sir, do we have to login to each farworder and enable them for pooling deployment server ?

    ./splunk set deploy-poll <ip>

  • Why is the serverclass.conf file being created in /etc/apps/search/local for some serverclasses when created from UI

  • Please make a video for syslog-ng with universal or heavy forwarder or HEC.

  • Even splunk education is not giving this much info

  • Hi @Splunk & Machine Learning , I have one question after that I pulled my deployment server, unfortunately I could not see any client from HF and UF to DS, could you please help me regarding this issue?

  • Request to Pls upload a video on deploying app updates / configuration bundles in a Clustered environment

  • This is such a great video which I've watched a couple of times and only the second time does it all click into place! 🙂
    My only question is, so much of the Splunk documentation always suggests that no manual changes should be made to the default folder, only the local folder, would the end result have been the same if the files were added to the local folder in the deployment server?

    Please keep up the good work!!!!

  • Sid you mentioned in your lecture that Deployment Server cannot be used with Splunk Cluster. Does it mean A) Deployment server cannot be configured on a cluster member or B) Splunk Cluster members cannot be clients of the Deployment server?

  • Hello sir, I found you used the public IP address. I would like to know what further steps are involved using private IP address. Thanks

  • I see you manually create the deploymentclient.conf on the clients. How does one deploy a preconfigured deploymentclienf.conf to several univ. fowarder systems in bulk ? Do we need to manually run that "deploy-poll" command on every fwder server one by one ?

  • Hi ​ @Splunk & Machine Learning,
    Thanks for the video. It is really very well explained. But i have heard a term about client phone home and phone home interval in deployment server concept. Do you have any idea about those.

  • I have a requirement where I need to monitor few log files in a folder (say there are 50 files in that folder) and if 1 of the files get removed by th system I need an alert. That alert should also tell me the name of the file which got removed. Can you please help me on it how to set up that monitoring in splunk?

  • I'm able to successfully pull the app in UF which contains inputs.conf and outputs.conf however they are either not monitoring data or not sending it, I've checked all the ports which are open and fine, there is nothing in /etc/system/local, inputs and outputs file are written appropriately as well thing is I can't see anything in search head with index=_internal with thus UF as well

  • Thanks for the video. I have a Splunk cloud environment. How do I configure a server to collect logs from about 5000 workstations? Thanks

  • Hi,
    I have updated inputs.conf and outputs.conf under deployment-apps/ufapp/default
    on deployement server and these are updated in universal forwarder under 
    /opt/splunk/etc/apps/ufapp/default

    Inputs.conf
    [monitor:///home/user/test_file.csv]
    disabled = false

    outputs.conf
    [tcpout]
    defaultGroup = default-autolb-group
    [tcpout:default-autolb-group]
    disabled = false
    server = 30.225.16.128:9997,34.226.38.193:9997,33.93.143.213:9997

    this confoguration is working and i can see data in search head

    but when i want to send data to a particular index, data is not ingesting into indexer cluster.
    not sure what's the issue, could you please help me to find out the issue

    Inputs.conf
    [monitor:///home/user/sample.csv]
    disabled = false
    index = test

    outputs.conf
    [tcpout]
    defaultGroup = default-autolb-group
    [tcpout:default-autolb-group]
    disabled = false
    server = 30.225.16.128:9997,34.226.38.193:9997,33.93.143.213:9997

  • but here i am trying to send a heavy forwader to one indexer and splunk forwarder to another indexer

  • Hi Bro

    I have tried the same config but i m not able to see the deploy clients refelecting in the forwarder management

    an you please help on this

  • I have a question, let's say I have a 20 UF with no Deployment server. I'm trying to get 10 more UF plus one deployment server to connect all of 30 UF. So should I go to each UF to configure deploymentclient.conf in all those 30 UF? It's true that the deployment server will push serverclass and deployment apps and also other configurations to all those UF. But is there any way to configure the deploymentclient.conf from the deployment server and push to all those 30 UF.
    wanted to put this in an email, but it may clear others' doubts as well if it is here.

  • Can an app installed in SPLUNK_HOME be managed by deployment server?

  • Hi I am trying to move the reporting of some servers from a test deployment server to prod deployment server. So is it possible to push it from the uat deployment server to UF agents to report to prod deployment server ? Have you tried anything like this ?

  • Can I ask you some questions on a few topics/areas in splunk? I know you occupied with your todo.

Comments are closed.