All Apps and Add-ons

Best Practice for Setting Up Server Classes per OS?

jpetrakovic
Explorer

Hello!

I'm in a Windows-only environment. Currently I have a use case where I need to deploy one version of the Windows TA to our workstations and another version to our servers (different monitoring requirements). I'm trying to figure out the best way to go about this. Since it doesn't seem like I can make a server class based on server vs. workstation, I'm guessing what I'll need to do is point our workstations to a separate deployment server. Has anyone else done something similar?

Thanks!

0 Karma

quihong
Path Finder

I know this is an old question, but for future readers that stumble on this question...

1) Naming convention. Typically servers are named differently from workstations, but in your comment you mentioned you don't have a separate naming convention for workstations versus servers.

2) IP Address/Subnet. Hopefully you have your servers sitting on a separate network from your workstations. I use this method to send data to the appropriate indexers for a particular site.

sloshburch
Splunk Employee
Splunk Employee

No need to have different deployment servers. See What are best practices for deploying an add-on with slightly different configurations?.

The serverclass part shouldn't be hard either. You can use the machinetypefilter with the white and black lists to control which app lands where.

0 Karma

jpetrakovic
Explorer

I was looking at the machinetypefilter, my only issue is that both our servers and our workstations show up as "windows-x64." We don't have a separate naming convention for workstations vs. servers either, so I'm guessing I would have to manually keep up with the whitelist and blacklists (not very feasible).

0 Karma

sloshburch
Splunk Employee
Splunk Employee

Understood. I have been thinking about writing a best practice strategy for how to use the deploymentclient.conf's clientName field with a naming convention to facilitate something like that.

In the most simplest form, you could set that field with the <hostname>-<server|workstation> like
echo -e "[deployment-client]\nclientName = hostname-server"

Then your whitelist could be defined with just whitelist.0 = *-server.

That's a crude approach with stuff I haven't tested, but it gives you a sense of what could be possible.

0 Karma

jpetrakovic
Explorer

Thank you so much! I honestly didn't even consider manipulating the clientName field like that. I'll have to do some testing but I think this is the approach I'll take with this!

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...