Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there anyway to enable a deployment server on an existing Splunk instance without having to reinstall indexers and forwarders?

joe_bayreaux
Explorer
‎01-06-2015 10:29 AM

We already have Splunk deployed, (indexer, w/ light forwarders)...

The reason for this question is that we've had issues getting splunk to work, but initially had issues getting data from forwarders. After uninstalling and reinstalling a few times, it finally worked.. somehow.. Which is fine..

Problem is, updating forwarders to blacklist certain events to not exceed license limits (saving bandwidth) is going to be a pain to do this every time manually. Having to update conf files on each server and of course -as we grow- it makes more sense to have a deployment server enabled.

So, is there anyway to enable a deployment server on a splunk instance that is already installed without having to re-install the indexer and forwarder(s)?

If there is a link to help with this, that would be perfect..

Thanks in advance,

Joe

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ChrisG
Splunk Employee
Splunk Employee
‎01-06-2015 11:28 AM

You don't need to reinstall. The deployment server capability is automatically enabled in Splunk Enterprise. You will need to restart the instances that you specify as deployment clients, but you don't need to reinstall. See this topic in the Updating Splunk Enterprise Instances manual for more information.

View solution in original post

Reply
Solved! Jump to solution

alacercogitatus
SplunkTrust
SplunkTrust
‎01-06-2015 11:32 AM

You will have to touch each forwarder one more time. You have to point the forwarders to a Deployment Server for them to pick up configs. You also need to choose a Deployment Server and stand it up ( you could use an indexer or search head - but is not recommended).

For full reading: http://docs.splunk.com/Documentation/Splunk/6.2.1/Updating/Aboutdeploymentserver

Start there and keep reading. 😄

Reply
Solved! Jump to solution
Solution

ChrisG
Splunk Employee
Splunk Employee
‎01-06-2015 11:28 AM

You don't need to reinstall. The deployment server capability is automatically enabled in Splunk Enterprise. You will need to restart the instances that you specify as deployment clients, but you don't need to reinstall. See this topic in the Updating Splunk Enterprise Instances manual for more information.

Reply
Solved! Jump to solution

joe_bayreaux
Explorer
‎03-12-2015 09:59 AM

Ok.. thanks for the help.. Wanted to accept both answers as they helped me get this figured out..

Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...