Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Updating Remote Forwarders

kholleran
Communicator
‎02-03-2011 02:32 PM

Hello,

I have about 80 remote forwarders that forward back to a central Splunk server. I was wondering if anyone had come up with a solution to updating these remote forwarders. My desired functionality would be to be able to have the forwarder check a repository for the following:

  • latest version of Splunk. If the version in the repository is newer, upgrade.
  • check props.conf & transforms.conf. These differ slightly among the forwarders so I would have to be able to point to sub-types for the machines.
  • check inputs.conf & update if newer. However, in inputs.conf there is a hostname field that is different on every machine so this would have to be left alone.

I was starting to write something to accomplish this but it seems like this would be a common need so I was wondering if anyone had implemented something similar.

Thanks for your help.

Kevin

Reply

mbenitezr
Explorer
‎07-08-2015 10:54 AM

Hi.

i know this is a old topic, but i want to now, do you found a good solution?

thanks.

0 Karma
Reply

msettipane
Splunk Employee
Splunk Employee
‎02-04-2011 09:15 PM

Have you considered using Puppet or Chef?

Reply

kholleran
Communicator
‎02-03-2011 06:23 PM

Thanks for the link and suggestions.

I ran into a bunch of issues with deployment server where it showed it was contacting the server but never actually pulled anything down, so I was planning to replace that with something else while also including the splunk installer. All boxes in a group are the same, all are Windows. I would want something that allowed it to install automatically after it was triggered by an admin.

0 Karma
Reply

Lowell
Super Champion
‎02-03-2011 03:10 PM

Heres's a related idea: http://answers.splunk.com/questions/2567/need-deployment-server-to-assign-hostnames-dynamically-via-...

Reply

Lowell
Super Champion
‎02-03-2011 03:06 PM

Great question. I use the deployment server for keeping all the .conf files updated, and I have a custom per-server app for a number of my boxes with unique inputs settings. But, that's only half of your request. We have a much small number of forwards, so for now I'm doing all of that by hand. It would be possible to deploy a custom app with a "scripted input" script that downloads and installs the latest version (when needed), but there are tons of potential problems with that kind of approach; such as permissions, and failed/partial upgrades, in-use files, 32 vs 64 bit, tar/rpm/deb?

0 Karma
Reply
Get Updates on the Splunk Community!

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...