Splunk® Enterprise Security

Install and Upgrade Splunk Enterprise Security

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Splunk deployment server

The Splunk deployment server is used to deploy apps to different components within the Splunk environment. It is most often used to deploy add-ons to forwarders and indexers for index-time knowledge. The pre-configured packages included with the Splunk App for Enterprise Security make using the deployment server easier.

The Splunk App for Enterprise Security deployment-apps folder ($SPLUNK_HOME/etc/deployment-apps) contains sample Splunk deployment server configurations that can be used to accelerate deployment of the app.

The following components are available:

Item Description
SA-ForIndexers Splunk App for Enterprise Security makes use of summary indexes, which are stored on the search head by default. In some deployments there are policy or performance reasons to distribute these summary indexes across the indexer tier. This deployment server configuration enables that configuration.-->
nixFF Sample outputs for Unix full (or heavy) forwarders.
Note: These configurations may conflict with configurations provided by the Splunk App for Unix, and are provided as guidance only.
nixLF Sample outputs for Unix light forwarders.
Note: These configurations may conflict with configurations provided by the Splunk App for Unix, and are provided as guidance only.
nixUF Sample outputs for Unix universal forwarders.
Note: These configurations may conflict with configurations provided by the Splunk App for Unix, and are provided as guidance only.
winFF Sample outputs for Windows full (or heavy) forwarders.
Note: These configurations may conflict with configurations provided by the Splunk Add-on for Windows, and are provided as guidance only.
winLF Sample outputs for Windows light forwarders.
Note: These configurations may conflict with configurations provided by the Splunk Add-on for Windows, and are provided as guidance only.
winUF Sample outputs for Windows universal forwarders.
Note: These configurations may conflict with configurations provided by the Splunk Add-on for Windows, and are provided as guidance only.
splunktcp_listener,
udplistener 		Sample inputs for receiving network data.
Note: These configurations are provided as guidance only.
serverclass.conf.local,
deploymentclient.conf.local 		Sample deployment server configuration files.
Note: These configurations are provided as guidance only.

For more information about using the deployment server, see "About deployment server" in the core Splunk product documentation.

Last modified on 15 May, 2013
Add-ons   Install prerequisites

This documentation applies to the following versions of Splunk® Enterprise Security: 3.0, 3.0.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters