Getting Data In

Are there any PowerShell Desired State Configuration (DSC) resources to set up Splunk servers?

iceman2321
Engager

I am working on a project to set up Splunk servers using Desired State Configuration (DSC). I am surprised that there are not any resources out there to do this. Am I missing something? Is there a big reason why nothing out there exists, e.g. it's not possible?

halr9000
Motivator

At this point there are not, but I did speak with a customer today who was interested in creating one and possibly sharing it with the community (Edit: aha, that was you!). As to your surprise--I'm not surprised for two reasons:

  1. Splunk is very cross-platform, and DSC is Windows-only. Given that resources are limited, you'll see Splunk invest more generally in areas that can benefit all customers, regardless of their OS platform.
  2. The Splunk Deployment Server exists. Regardless of how you use DS (and whether you like it or not), the fact that it's there as a default option will tend to prevent folks from investing too much in an overlapping technology.

Is it possible to use DSC to manage Splunk? Of course. In fact, depending on your scope, a DSC resource could be trivially easy to do. The devil would be in the details of how far you want to go, given that there may be advantages in keeping DS around.

A minimal set of DSC resources might do the following:
- Deploy Splunk MSI & ensure it's installed
- Copy a set of config files & ensure they are effected (by restarting splunkd service)

I can imagine you'd have a matrix of these that maps to Splunk server and client roles, such as:
- Search Head
- Indexer
- Deployment Server
- Universal Forwarder

The real question is whether you intend to manage all aspects of Splunk with DSC (very large project), or do you intend to simply use it for deployment client bootstrapping. If the latter, your DSC resource might have one step: deploy the MSI with a few parameters, one of which being the address to your DS.

0 Karma
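The bootstrap-only approach described in the answer above, sketched as a DSC configuration. This is an added example, not code from any poster in this thread or from Splunk. It assumes the built-in `Package` and `Service` resources, the Universal Forwarder MSI properties `AGREETOLICENSE` and `DEPLOYMENT_SERVER`, the service name `SplunkForwarder`, and the installed display name `UniversalForwarder`; the MSI path, hash and deployment server address are placeholders.

```powershell
# Added example: bootstrap a Universal Forwarder as a deployment client and
# leave all further configuration to the Splunk Deployment Server (DS).
Configuration SplunkForwarderBootstrap {
    param(
        [Parameter(Mandatory)] [string] $MsiPath,          # local path to the UF MSI (placeholder)
        [Parameter(Mandatory)] [string] $MsiSha256,        # SHA256 of the MSI you downloaded (placeholder)
        [Parameter(Mandatory)] [string] $DeploymentServer  # host:port of your DS (placeholder)
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'localhost' {
        # Install the MSI only if it is not already present. FileHash makes the
        # resource refuse an installer whose content does not match the expected hash.
        Package SplunkUF {
            Ensure        = 'Present'
            Name          = 'UniversalForwarder'   # assumed display name of the installed product
            Path          = $MsiPath
            ProductId     = ''                     # empty: detect by Name instead of product GUID
            FileHash      = $MsiSha256
            HashAlgorithm = 'SHA256'
            Arguments     = "AGREETOLICENSE=Yes DEPLOYMENT_SERVER=`"$DeploymentServer`""
        }

        # Keep the forwarder service running so it can phone home to the DS.
        Service SplunkForwarder {
            Name        = 'SplunkForwarder'
            State       = 'Running'
            StartupType = 'Automatic'
            DependsOn   = '[Package]SplunkUF'
        }
    }
}

# Compile to a MOF and apply it; every value below is a constructed placeholder.
$out = Join-Path $env:TEMP 'SplunkForwarderBootstrap'
SplunkForwarderBootstrap -MsiPath 'C:\Installers\splunkforwarder.msi' `
    -MsiSha256 '<SHA256-OF-YOUR-MSI>' `
    -DeploymentServer 'ds.example.internal:8089' -OutputPath $out
Start-DscConfiguration -Path $out -Wait -Verbose
```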

samhodgson
Path Finder

I'd agree it's probably best to use DSC for the deployment of the UF to remote clients and let the Splunk deployment server do the rest. Also DSC is now multiplatform! It's a new dawn for MS 🙂

https://msdn.microsoft.com/en-us/powershell/dsc/lnxgettingstarted

I'm looking at the auto deployment of SSL certs to forwarders, which I think DSC would be suited to. I think it's possible via a Splunk deployed app but sounds a bit messy.

If I do produce anything of use I will upload it to the community.

0 Karma