Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there anyway to enable a deployment server on an existing Splunk instance without having to reinstall indexers and forwarders?

joe_bayreaux
Explorer
‎01-06-2015 10:29 AM

We already have Splunk deployed, (indexer, w/ light forwarders)...

The reason for this question is that we've had issues getting splunk to work, but initially had issues getting data from forwarders. After uninstalling and reinstalling a few times, it finally worked.. somehow.. Which is fine..

Problem is, updating forwarders to blacklist certain events to not exceed license limits (saving bandwidth) is going to be a pain to do this every time manually. Having to update conf files on each server and of course -as we grow- it makes more sense to have a deployment server enabled.

So, is there anyway to enable a deployment server on a splunk instance that is already installed without having to re-install the indexer and forwarder(s)?

If there is a link to help with this, that would be perfect..

Thanks in advance,

Joe

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ChrisG
Splunk Employee
Splunk Employee
‎01-06-2015 11:28 AM

You don't need to reinstall. The deployment server capability is automatically enabled in Splunk Enterprise. You will need to restart the instances that you specify as deployment clients, but you don't need to reinstall. See this topic in the Updating Splunk Enterprise Instances manual for more information.

View solution in original post

Reply
Solved! Jump to solution

alacercogitatus
SplunkTrust
SplunkTrust
‎01-06-2015 11:32 AM

You will have to touch each forwarder one more time. You have to point the forwarders to a Deployment Server for them to pick up configs. You also need to choose a Deployment Server and stand it up ( you could use an indexer or search head - but is not recommended).

For full reading: http://docs.splunk.com/Documentation/Splunk/6.2.1/Updating/Aboutdeploymentserver

Start there and keep reading. 😄

Reply
Solved! Jump to solution
Solution

ChrisG
Splunk Employee
Splunk Employee
‎01-06-2015 11:28 AM

You don't need to reinstall. The deployment server capability is automatically enabled in Splunk Enterprise. You will need to restart the instances that you specify as deployment clients, but you don't need to reinstall. See this topic in the Updating Splunk Enterprise Instances manual for more information.

Reply
Solved! Jump to solution

joe_bayreaux
Explorer
‎03-12-2015 09:59 AM

Ok.. thanks for the help.. Wanted to accept both answers as they helped me get this figured out..

Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...