Configure a Splunk Deployment Server

Configure a Splunk Deployment Server

Any Splunk instance can be a deployment server.

Create a deployment server

• Install Splunk on the server.
• Create the file $SPLUNK_HOME/etc/bundles/local/deployment.conf
• deployment.conf is the configuration file. You can use $SPLUNK_HOME/etc/bundles/README/deployment.conf.example as a sample.

Configuration

For deployment servers, you must specify:

• Path where the configuration bundles are kept
• Whether the clients should use multicast and the multicast parameters.
• Which servers belong to which classes. Note that wildcards can be used.

Examples

basic example

[distributedDeployment]
serverClassPath=/opt/splunk/etc/modules/distributedDeployment/classes

serverClassPath=

• This is the directory containing all your server class bundles
• Defaults to $SPLUNK_HOME/etc/modules/distributedDeployment/classes

multicast example

[distributedDeployment-multicast]
sendMulticast=true
multicastURI=225.0.0.39:9999
interfaceIP=x.x.x.x
frequency=60
useDNS=true

sendMulticast=

• Use multicast true or false.
• Defaults to false.

multicastURI=

• Which multicast group to send it to.
• Only used if 'sendMulticast == true'.
• If this is not specified, multicast will be turned off.
• No default.

interfaceIP=

• The IP address of the interface to send multicast packets on,
• Defaults to whatever the kernel picks (usually sufficient).

frequency=

• How often to send the multicast packet out (in seconds).
• Defaults to 30 seconds.

useDNS=

• When clients phone home to this server, should the server look up their hostname.
• Defaults to false.

[distributedDeployment-classMaps]

www.* = web,apache

10.1.*.1 = osx

• Map IP ranges or DNS addresses to server classes.
• You can put a wildcard (*) anywhere in the string.

server class example:

[distributedDeployment-classMaps]
www.* = web,apache
10.1.1.2* = osx

• Was this topic useful?
• Post a comment