Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to use the current Deployment Server to configure remote UFs with a new Deployment Server IP?

Log_wrangler
Builder
‎03-27-2019 08:08 AM

Hi,
I have not found the post if it already exists...
But I have to reconfigure a lot of UF(s) to check-in with a new DS.
Unfortunately the original DS was not configured with a FQDN.

Is there a method to send the UFs an app (e.g. "update_DS_IP) that will configure the UF to connect to the new DS (i.e. replace the DS IP)?

Thank you!

Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-27-2019 08:19 AM

If you current have an app that tells the UFs where to find the DS then all you need to do is update that app with the new DS's address. Each UF will update itself and contact the new DS.

Since you are asking this question, I'll assume you do not have such an app today. You probably have $SPLUNK_HOME/etc/system/local/deploymentclient.conf on each UF. This practice is strongly (perhaps not strongly enough) discouraged for exactly this reason.

Create your app. Call it something like 'org_all_deploymentclient' and push it to all UFs.

Then comes the hard part. You need to delete the $SPLUNK_HOME/etc/system/local/deploymentclient.conf file from every UF. Let's hope you have a centralized way to do that (Puppet, Chef, etc.), otherwise you will have to log in to each UF to delete the file.

---
If this reply helps you, Karma would be appreciated.
Reply

nickhills
Ultra Champion
‎03-27-2019 08:26 AM

If you're brave...
Scripted input to run a bash script which rm's $SPLUNK_HOME/etc/system/local/deploymentclient.conf
Tried it once. Worked, but didn't sleep for 3 days afterwards.

If my comment helps, please give it a thumbs up!
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...