Plan a deployment
This documentation does not apply to the most recent version of Splunk.
If you've got Splunk instances serving a variety of different groups within your organization, chances are their configurations vary depending on who uses them and for what purpose. You might have some Splunk instances serving the help desk team, configured with a specific app to accelerate troubleshooting of Windows desktop issues. You might have another group of Splunk instances in use by your operations staff, set up with a few different apps designed to emphasize tracking of network issues, security incidents, and email traffic management. A third group of Splunk instances might serve the Web hosting group within the operations team.
Rather than trying to manage and maintain these divergent Splunk instances one at a time, you can group them based on their use, identify the configurations and apps needed by each group, and then use the deployment server to update their apps and configurations as needed.
In addition to grouping Splunk instances by use, there are other useful types of groupings you can specify. For example, you might group Splunk instances by OS or hardware type, by version, or by geographical location or timezone.
For the great majority of deployment server configurations, perform these steps:
1. Designate one of your Splunk instances as the deployment server.
Note: While in small environments (fewer than 30 deployment clients), it may be perfectly viable to provide the deployment server service from an indexer or search head node, Splunk strongly recommends putting the deployment server on its own Splunk instance when using it with larger numbers of clients. Another thing to consider is the need to restart the deployment server when making certain configuration changes, which may affect user searches if it shares a system with a search head. For additional information about deployment server sizing, refer to this topic about the deployment server on the Splunk Community Wiki.
2. Group the deployment clients into server classes. A server class defines the clients that belong to it and what content gets pushed out to them. Each deployment client can belong to multiple server classes.
3. Create a serverclass.conf file on the deployment server. It specifies the server classes and the location of the deployment apps. Refer to "Define server classes" in this manual for details.
Note: You can also add server classes and perform simple configuration through Splunk Manager, as described in "Define server classes".
4. Create the directories for your deployment apps, and put the content to be deployed into those directories. Refer to "Deploy apps and configurations" in this manual for details.
5. On each deployment client, create a deploymentclient.conf file. It specifies what deployment server the client should communicate with, the specific location on that server from which it should pick up content, and where it should put it locally. Refer to "Configure deployment clients" in this manual for details.
6. For more complex deployments with multiple deployment servers, create a tenants.conf file on one of the deployment servers. This allows you to define multiple deployment servers on a single Splunk instance and redirect incoming client requests to a specific server according to rules you specify. Refer to "Deploy in multi-tenant environments" in this manual for more information about configuring tenants.conf. Most deployment server topologies don't need
For an example of an end-to-end configuration, see "Deploy several forwarders".
Note: The deployment server and its deployment clients must agree in the SSL setting for their splunkd management ports. They must all have SSL enabled, or they must all have SSL disabled. To configure SSL on a Splunk instance, set the enableSplunkdSSL attribute in server.conf to "true" or "false". For detailed information on using SSL with deployment server, see "Securing deployment server and clients".
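The check below is an added example, not part of the Splunk documentation. It compares the enableSplunkdSSL setting in the deployment server's server.conf against each client's and reports every client that disagrees or carries an unparseable value. Assumptions: the attribute lives in the [sslConfig] stanza, an unset attribute means SSL is enabled, the input is each instance's effective server.conf text, and the hostnames and sample files are constructed.

```python
import re

DEFAULT_SSL = True  # assumption: splunkd SSL is enabled when the attribute is unset


def splunkd_ssl(conf_text, default=DEFAULT_SSL):
    """Return True/False for enableSplunkdSSL in [sslConfig]; None if the value is not true/false."""
    stanza, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            stanza = header.group(1)
            continue
        if stanza == "sslConfig" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip() == "enableSplunkdSSL":
                value = val.strip().lower()  # last occurrence in the text wins
    if value is None:
        return default
    return {"true": True, "false": False}.get(value)


def ssl_mismatches(server_conf, client_confs):
    """Map each disagreeing client name to (server_value, client_value)."""
    want = splunkd_ssl(server_conf)
    out = {}
    for name, text in client_confs.items():
        got = splunkd_ssl(text)
        if got is None or got != want:
            out[name] = (want, got)
    return out


# Constructed sample input; hostnames are hypothetical.
SERVER = "[general]\nserverName = ds01\n\n[sslConfig]\nenableSplunkdSSL = true\n"
CLIENTS = {
    "fwd-a": "[sslConfig]\nenableSplunkdSSL = true\n",
    "fwd-b": "[sslConfig]\n# disabled during testing\nenableSplunkdSSL = false\n",
    "fwd-c": "[general]\nserverName = fwd-c\n",         # unset, falls back to the default
    "fwd-d": "[sslConfig]\nenableSplunkdSSL = ture\n",  # typo, reported as invalid (None)
}

if __name__ == "__main__":
    for host, (want, got) in sorted(ssl_mismatches(SERVER, CLIENTS).items()):
        print(f"{host}: server={want} client={got}")
```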
Restart or reload?
The first time you configure the deployment server and its clients, you'll need to restart all instances of Splunk. When you restart the deployment server, it automatically deploys any new content to its clients. Later on, to deploy new or updated content without restarting, you can use the CLI reload command, as described in "Deploy apps and configurations" in this manual.
Enable and disable deployment server using the CLI
To enable a deployment server, run the following command from the Splunk CLI:
./splunk enable deploy-server
Now restart the deployment server to make the change take effect.
To disable a deployment server, run the following command:
./splunk disable deploy-server