Getting Data In

How to Deploy the *Nix App across Universal Forwarders?

tadreeves
Engager

Looking for a good guide to deploying the *Nix app to all of my Universal Forwarders. Have around 50 forwarders set up, but would like to start collecting *Nix performance & process info on each and forward back to my indexers. Looking for some clear direction on how to do this. Do I just copy the *Nix App folder out to all of them? How does this work?

0 Karma

tskinnerivsec
Contributor

On the deployment server you will need to add a server class for all of your unix based servers in the serverclass.conf file. You can white list in the stanza you create based on machine type to match all of your unix based machines and assign the unix application to that serverclass to push the app out to the proper hosts.

hazekamp
Builder

tadreeves,

I would recommend setting up a Splunk Deployment Server (typically done on search head) to push out a single *Nix app, or modified versions of the *Nix app if you want to collect different metrics from different systems.

This single point of management for pushing applications to your forwarders will make it extremely easy to configure data inputs.

See also: About Deployment Server

tadreeves
Engager

That's exactly what I'm looking to do. Documentation is sparse, though, on how to push out an App. Do I just copy the entire ./etc/apps/unix dir into ./etc/deployment-apps/unix? Does it all need to go into some new index - like servers-os or similar? I'm running 4.2 with universal forwarders deployed as deployment clients.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...