Documentation > Splunk > Distributed Deployment Manual > Deploy in multi-tenant environments

Distributed Deployment Manual

 


Overview
Forward data
Configure forwarding
Use the forwarder to create deployment topologies
Deploy the universal forwarder
Deploy heavy and light forwarders
Search across multiple indexers
Monitor your deployment
Deploy configuration updates across your environment
Upgrade your deployment

Deploy in multi-tenant environments

Contents

Deploy in multi-tenant environments

Note: It is recommended that you work with Splunk Professional Services when designing a multi-tenant deployment. It is best not to edit tenants.conf on your own.

A multi-tenant deployment server topology means that you have more than one deployment server running on the same Splunk instance, and each deployment server is serving content to its own set of deployment clients. (You can also achieve the same effect by using two Splunk instances, each with its own configuration.)

Use tenants.conf to redirect incoming requests from deployment clients to another deployment server or servers. The typical reason for doing this is to offload your splunkd's HTTP server -- having many deployment clients hitting the splunkd HTTP server at once to download apps and configurations can overload the deployment server. Over 400 connections at one time has been shown to bog down splunkd's HTTP server, but this does not take into account hardware or the size of the package the client is downloading -- this will be constrained by bandwidth size.

To set up multiple deployment servers on a single Splunk instance, you:

For information about configuration files, including an explanation of their basic structure, see About configuration files in the Admin manual.

What you can define in tenants.conf

You identify the different deployment servers as "tenants" in tenants.conf on the Splunk instance that will host these deployment servers. There isn't a tenants.conf file by default, so you must create one in $SPLUNK_HOME/etc/system/local and define the tenants in it.

For each tenant, create a stanza with the heading [tenant:<tenantName>] with these attributes:

Attribute What it's for Default
filterType Set to "whitelist" or "blacklist". Determines the type of filter to use. Deployment clients use the filter to determine which deployment server to access. whitelist
whitelist.<n>

blacklist.<n>

<n> is a number starting at 0, and incrementing by 1. The client stops looking at the filter when <n> breaks.

Set the attribute to ipAddress, hostname, or clientName:

  • ipAddress is the IP address of the deployment client. Can use wildcards, such as 10.1.1.*
  • hostname is the host name of deployment client. Can use wildcards, such as *.splunk.com.
  • clientName is a logical or tag name that can be assigned to a deployment client in deploymentclient.conf. clientName takes precedence over ipAddress or hostname when matching a client to a filter.
n/a

Example

Here is an example of defining two tenants in the tenants.conf file: 

# Define two tenants - dept1 and dept2.
# Deployment server configuration for dept1 will be in a matching dept1-serverclass.conf
# Deployment server configuration for dept2 will be in a matching dept2-serverclass.conf

[tenant:dept1]
whitelist.0=*.dept1.splunk.com

[tenant:dept2]
whitelist.0=*.dept2.splunk.com
Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.3/Deploy/Deployinmulti-tenantenvironments"

This documentation applies to the following versions of Splunk: 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!