Splunk® Enterprise

Installation Manual

Download manual as PDF

Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Configure a standalone 3.4.x deployment server

If you are planning to migrate to Splunk 4.x, but do not want to migrate your deployment clients until a later time, you can set up a stripped-down, standalone 3.4.x deployment server to serve your deployment clients until you're ready to migrate them (Splunk 4.x deployment server is incompatible with clients older than 4.x).

This procedure assumes the following:

  • You have an existing deployment server at fflanda.splunk.com listening on port 8089 for deployment clients.
  • Your deployment clients are all 3.x and are all polling this deployment server.
  • The deployment classes are in $SPLUNK_HOME/etc/modules/distributedDeployment/classes.
  • This Splunk instance is also an index server that must be upgraded.

Given the above, the procedure is as following:

1. Download the latest Splunk 3.4.x build for your architecture.

2. Back up the existing $SPLUNK_HOME/etc using tar -zxvf $SPLUNK_HOME/etc > /tmp/splunk_old_etc.tgz

3. Stop Splunk, remove deployment.conf and deployment classes.

4. If $SPLUNK_HOME = /opt/splunk, mv to /opt/splunk_old. Otherwise, install the 3.4.x tarball or rpm in the default location

5. Extract the splunk_old_etc.tgz over top of the fresh installation.

6. Remove/rename any inputs.conf/outputs.conf files in /opt/splunk_depserver/etc/system/local or /opt/splunk_depserver/etc/apps/. You will probably want to keep authentication.conf, server.conf, /opt/splunk/etc/passwd, /opt/splunk/etc/auth/* - pretty much anything but inputs.conf, outputs.conf and the unchanged splunk-launch.conf.

7. Disable Splunk Web on the newly installed instance using the CLI or web.conf.

8. Execute mv /opt/splunk /opt/splunk_depserver

9. Edit /opt/splunk_depserver/etc/splunk-launch.conf to change $SPLUNK_HOME to /opt/splunk_depserver. If $SPLUNK_DB is also set, comment out this variable so that the new instance does not try to write to the old data store.

10. To ensure that this deployment server remains functional, switch its license out for a 3.x forwarder license. Copy $SPLUNK_HOME/etc/splunk-forwarder.license to $SPLUNK_HOME/etc/splunk.license .

11. Execute /opt/splunk_depserver/bin/splunk start

12. Execute mv /opt/splunk_old /opt/splunk, then perform migration.

13. During post-migration start up, Splunk will notice that the old management port is bound, and will prompt the admin to change the management port. Keep track of this new port as you must update it in any distributed search or REST configurations.

14. Execute /opt/splunk_depserver/bin/splunk list deploy-clients -auth admin:changeme and verify that the deployment clients have been in touch with the deployment server.

14. Review /opt/splunk_depserver/var/log/splunk/splunkd.log and /opt/splunk/var/log/splunk/splunkd.log for errors.

Uninstall Splunk
Ready to start using Splunk?

This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters