how to I get my forwarder to talk to my deployment...

cdupuis123 · ‎06-02-2014

I now have a deployment server and want to get a handful of Linux forwarders talking to it. On Windows it's pretty straight forward with the MSI install switches, but how do I change the linux install?

ckurtz · ‎06-02-2014

The easiest way is to add a deploymentclient.conf to /opt/splunkforwarder/etc/system/local, but it's also the wrong way.

The best way is to make an app on your Deployment Server (and is listed in the DS's serverclass.conf) that has a local/deploymentclient.conf file, then manually copy that app to your UFs at install. That way the app itself is controlled by DS, so if you ever need to update it on the UFs (for example, you change the IP of the DS or want to split them out) you can.

For new installations, I've just made a bash shell script that unzips the deployment app files in the UF's etc directory after install, so that it phones to the DS on startup.

The DS has a default serverclass.conf for all machines that just serves the deploymentclient app.

somesoni2 · ‎06-02-2014

Try steps from the documentation on how to configure Linux forwarders.

http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Deployanixdfmanually

how to I get my forwarder to talk to my deployment server when the forwarder is on linux?

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk