Deploy in multi-tenant environments
Important: It is recommended that you work with Splunk Professional Services when designing a multi-tenant deployment.
A multi-tenant deployment server topology means that you have more than one deployment server running on the same Splunk instance, and each deployment server is serving content to its own set of deployment clients. (You can also achieve the same effect by using two Splunk instances, each with its own configuration.)
Use tenants.conf to redirect incoming requests from deployment clients to another deployment server or servers. The typical reason for doing this is to offload splunkd's HTTP server -- if too many deployment clients are simultaneously hitting the splunkd HTTP server to download apps and configurations, it can overload the deployment server. Over 400 connections at one time has been shown to bog down splunkd's HTTP server, but this does not take into account hardware or the size of the package the client is downloading.
To set up multiple deployment servers on a single Splunk instance, you:
- Create a
tenants.confcontaining a whitelist or blacklist that tells deployment clients which deployment server instance to use.
- Create a separate instance of
serverclass.conffor each deployment server, named for that deployment server, like so:
- For each deployment client, configure
deploymentclient.confthe way you would if there were just one deployment server.
What you can define in tenants.conf
You identify the different deployment servers as "tenants" in
tenants.conf on the Splunk instance that will host these deployment servers. There isn't a
tenants.conf file by default, so you must create one in
$SPLUNK_HOME/etc/system/local and define the tenants in it.
For each tenant, create a stanza with the heading
[tenant:<tenantName>] with these attributes:
|Attribute||What it's for||Default|
|| Set to
Set the attribute to one of these value categories:
Here is an example of defining two tenants in the
# Define two tenants - dept1 and dept2. # Deployment server configuration for dept1 will be in a matching dept1-serverclass.conf # Deployment server configuration for dept2 will be in a matching dept2-serverclass.conf [tenant:dept1] whitelist.0=*.dept1.splunk.com [tenant:dept2] whitelist.0=*.dept2.splunk.com
Example: add an input to forwarders
Upgrade your distributed environment
This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18