Detail Discussion on Deployment Server Configuration

Поделиться
HTML-код
  • Опубликовано: 25 ноя 2024

Комментарии • 76

  • @filipkuczak3426
    @filipkuczak3426 2 года назад +4

    Thank You for very specific and "user firendly" explanation of such a complex topic. Learning with Your videos is really enjoyable.

  • @vijaykumar-yq7sf
    @vijaykumar-yq7sf 2 года назад

    Hello Sir, I am huge fan of your. Please create all the same play list in Hindi. That would be a game change for millions of students. Thank you

  • @strange1045
    @strange1045 2 года назад

    Thank you my friend... you are doing good service to the techies.. and that too on hot product like Splunk.... Expecting more support .. thank you .

  • @Parandeh_Mahajir
    @Parandeh_Mahajir 3 года назад +1

    Hi @Splunk & Machine Learning , I have one question after that I pulled my deployment server, unfortunately I could not see any client from HF and UF to DS, could you please help me regarding this issue?

  • @ShakeerAkramashu
    @ShakeerAkramashu 11 месяцев назад

    your videos helping me a lot much appreciate. 👌

  • @mllenessmarie
    @mllenessmarie 2 года назад

    Sir, you're a lifesaver, truly.

  • @osky7777
    @osky7777 Год назад

    Hello, I'm following your example on setting up the deployer, my question is when you setup your default directory for the fwd_to_receiver , if you're running a cluster index, do I list all three ip addresses for there server?

  • @vikassingh4320
    @vikassingh4320 5 лет назад +2

    As usual.. The Best.

  • @awokvenkat
    @awokvenkat Год назад

    Sir
    Here the logs are coming to main index (index=main) if we would like to receive the logs on different index which is created newly for these two hosts

  • @neeraj79
    @neeraj79 3 года назад

    Request to Pls upload a video on deploying app updates / configuration bundles in a Clustered environment

  • @rajivranjan9614
    @rajivranjan9614 2 года назад

    HI Sid,
    I have to create a syslog data input using TCP port to 5 heavy forwarder. How can i do it from deployment server? Can you please help

  • @anishchauhan8820
    @anishchauhan8820 3 года назад +2

    This is such a great video which I've watched a couple of times and only the second time does it all click into place! :)
    My only question is, so much of the Splunk documentation always suggests that no manual changes should be made to the default folder, only the local folder, would the end result have been the same if the files were added to the local folder in the deployment server?
    Please keep up the good work!!!!

    • @splunk_ml
      @splunk_ml  3 года назад +1

      yes it will be same.

    • @kennethwalters4304
      @kennethwalters4304 8 месяцев назад

      @@splunk_mlso why use the default folder when you know it’s good practice to place the configs in the local folder? I was confused by this choice as well lol

  • @DeepakKumar-uv5by
    @DeepakKumar-uv5by 4 года назад

    Really appreciate your great work

  • @oksey2002
    @oksey2002 3 года назад

    Hello sir, I found you used the public IP address. I would like to know what further steps are involved using private IP address. Thanks

  • @dipeshkumar7043
    @dipeshkumar7043 2 года назад

    Thanks for your video. it's helping me a lot .
    I have followed the process, and have 1 issue. post creation of deployment client.conf file and restart. It should automatically connect with DS , under forwarder management --> client tab, but its not working for me. in any of the UF,HF, or windows. is there any access issue or anything else? please advice

  • @sivakrishnahanumanthu4558
    @sivakrishnahanumanthu4558 5 месяцев назад

    can you please tell ua in windows how to configure deployment server universal forwarder and heavy forwarder

  • @cainiak
    @cainiak 4 года назад

    Very good video, thank you very much.

  • @offersmail4688
    @offersmail4688 5 лет назад +2

    I have a question, let's say I have a 20 UF with no Deployment server. I'm trying to get 10 more UF plus one deployment server to connect all of 30 UF. So should I go to each UF to configure deploymentclient.conf in all those 30 UF? It's true that the deployment server will push serverclass and deployment apps and also other configurations to all those UF. But is there any way to configure the deploymentclient.conf from the deployment server and push to all those 30 UF.
    wanted to put this in an email, but it may clear others' doubts as well if it is here.

    • @splunk_ml
      @splunk_ml  5 лет назад +2

      Very tricky question, I can think about couple of solutions here,
      1. First of all our deploymentclient.conf resides in etc/system/local folder. Now I can create an app with just deploymentclient.conf and deploy it thru deployment server to all UF. in that case we need to delete the system /local deploymentclient.conf file from each UF, which is again not fully automated.
      2. We can create a python script which will update the deploymentclient.conf in system/local and we can deploy that python script as scripted input in all UF through deployment server. Only thing we have to handle here is the splunk restart part in python script. Then it will become fully automated. I will try to create a video for this.

    • @offersmail4688
      @offersmail4688 5 лет назад

      @@splunk_ml Yes, we can create an app in deployment-apps and call that app in serverclass will go to all UF. Do you think it will override the configs in UF (system/local/deploymentclient.conf) when we push this app to all UF.?
      Thanks for taking the time to reply. #respect

    • @splunk_ml
      @splunk_ml  5 лет назад +2

      It won't override because deployment server will deploy the app in etc/apps folder. That's why we need to delete the deploymentclient.conf in system/local folder so that our etc/apps version will take precedence.

    • @offersmail4688
      @offersmail4688 5 лет назад

      @@splunk_ml Got it, sir..! Thanks

    • @bhoopeshkumarj779
      @bhoopeshkumarj779 4 года назад

      When consuming a global configuration, such as inputs.conf, Splunk software first uses the attributes from any copy of the file in system/local. Then it looks for any copies of the file located in the app directories, adding any attributes found in them, but ignoring attributes already discovered in system/local.
      I just read this in splunk docs, that means no need to empty local file if apps directory has the file it might have precedence

  • @platinumheritage2320
    @platinumheritage2320 4 года назад +1

    Thanks for the video. I have a Splunk cloud environment. How do I configure a server to collect logs from about 5000 workstations? Thanks

    • @splunk_ml
      @splunk_ml  4 года назад +3

      you just needs to install forwaders there and send the logs to splunk.
      Check this post,
      answers.splunk.com/answers/34896/simple-installation-script-for-universal-forwarder.html

  • @nagendra_sharevedios7520
    @nagendra_sharevedios7520 2 года назад

    Plz share vedios about splunk fundamentals and modules 1 & 2

  • @muradghazzawi5088
    @muradghazzawi5088 3 года назад

    Thank you sir, very helpful 👍

  • @VLOneWay
    @VLOneWay Год назад

    thank you very good video :)

  • @rotimiakinbobola2327
    @rotimiakinbobola2327 3 года назад

    why did you create the outputs & inputs.conf in default?

    • @splunk_ml
      @splunk_ml  3 года назад +1

      If you are developing your own app its always good to have your out of the box configs in default folder so that when you update something it will not impact the user changes in local folder (if any).

  • @leokens6915
    @leokens6915 3 года назад

    i have a distrubuted environment with a cluster master for my indexers. can i deploy all my apps to the cluster master from the deployement server?

    • @splunk_ml
      @splunk_ml  3 года назад +1

      Hi Leo,
      Yes you can deploy apps through deployment server to cluster master, please find below the reference link, I will also cover it soon.
      docs.splunk.com/Documentation/Splunk/8.2.3/Indexer/Updatepeerconfigurations#Use_deployment_server_to_distribute_the_apps_to_the_manager_node
      Sid

  • @anemsumanth
    @anemsumanth 3 года назад

    #Question
    Sir, do we have to login to each farworder and enable them for pooling deployment server ?
    ./splunk set deploy-poll

    • @splunk_ml
      @splunk_ml  3 года назад +1

      yes, but if you have huge number of forwaders then you need to use tools like ansible to deploy the config.

  • @MkerSure
    @MkerSure 5 лет назад

    muy buen video, se agradece el tiempo y la explicacion. saludos

  • @splunkuser1504
    @splunkuser1504 4 года назад +1

    Hi Bro
    I have tried the same config but i m not able to see the deploy clients refelecting in the forwarder management
    an you please help on this

    • @splunk_ml
      @splunk_ml  4 года назад

      Can you please search in internal index if you are receiving any error.

    • @harishbeathi
      @harishbeathi 4 года назад +1

      try this command in forward servers "./splunk show deploy-poll"

  • @victorgonzalez566
    @victorgonzalez566 4 года назад

    Outstanding!

  • @haogedeng8842
    @haogedeng8842 2 года назад +1

    Thank you for these videos - very informative and helpful!
    Got one question if you don't mind - what is the difference in between the "local" folder and "default" folder when we need to put a .conf file in to an app?😀

    • @splunk_ml
      @splunk_ml  2 года назад +1

      I will try to explain with an example,
      lets say the app you are building you created a .conf file for the setup. Now intially when you will package the app there will not be any user defined values for the configs in your conf file but when a user will setup the app he/she will give values to those configs according to his/her need,
      So in the initial package your conf file should be in default folder and generally user sshould not touch that ,as you are the creator of that app and if you see that is the reason splunk also recommends not to touch the default folder configs.
      Now when users will do the setup the change will be saved (if you are the creator of the app you need code it) in the local folder for same conf file and as local folder will get higher precedence over default folder splunk will automatically take the updated configs in local folder.
      Hope I didn't confuse you :)

    • @haogedeng8842
      @haogedeng8842 2 года назад

      Splunk & Machine Learning thank you so much for your time and the explanation… this is very clear and I understand it now… :)

  • @emilygaskell1819
    @emilygaskell1819 4 года назад

    Really helpful, thank you! :)

  • @anjanchakraborty1630
    @anjanchakraborty1630 4 года назад

    I have a requirement where I need to monitor few log files in a folder (say there are 50 files in that folder) and if 1 of the files get removed by th system I need an alert. That alert should also tell me the name of the file which got removed. Can you please help me on it how to set up that monitoring in splunk?

    • @splunk_ml
      @splunk_ml  4 года назад

      can you check the below post,
      community.splunk.com/t5/Getting-Data-In/Data-Input-Monitor-a-directory-for-new-files-and-delete-when/td-p/27894

  • @hectorvptrojan784
    @hectorvptrojan784 4 года назад

    I'm able to successfully pull the app in UF which contains inputs.conf and outputs.conf however they are either not monitoring data or not sending it, I've checked all the ports which are open and fine, there is nothing in /etc/system/local, inputs and outputs file are written appropriately as well thing is I can't see anything in search head with index=_internal with thus UF as well

    • @splunk_ml
      @splunk_ml  4 года назад

      Can you see in _internal index where you are receiving any connectivity error from UF? Also if you are using the same GCP setup I used in this video can you check the firewall rule whether you have allowed TCP traffic for those ports?

    • @hectorvptrojan784
      @hectorvptrojan784 4 года назад

      @@splunk_ml I don't see anything under _internal index and firewalls are open as well, can u provide ur mail id??Apart from this I've got other high level questions as well, may be mailbox is right place to address those

    • @splunk_ml
      @splunk_ml  4 года назад

      you can email me @techiesid1985@gmail.com

  • @joseputhettu9195
    @joseputhettu9195 5 лет назад

    Hi I am trying to move the reporting of some servers from a test deployment server to prod deployment server. So is it possible to push it from the uat deployment server to UF agents to report to prod deployment server ? Have you tried anything like this ?

    • @splunk_ml
      @splunk_ml  5 лет назад

      I never tried this but its possible if there is connectivity between uat and prod but its generally not recommended.

  • @splunkuser1504
    @splunkuser1504 4 года назад

    but here i am trying to send a heavy forwader to one indexer and splunk forwarder to another indexer

  • @sachinbansal4435
    @sachinbansal4435 4 года назад

    Hi ​ @Splunk & Machine Learning,
    Thanks for the video. It is really very well explained. But i have heard a term about client phone home and phone home interval in deployment server concept. Do you have any idea about those.

    • @splunk_ml
      @splunk_ml  4 года назад

      client phone home and interval is just term stating whether the deployment clients are polling the deployment server and how frequently they are polling. These settings are present in deploymentclient.conf file.

    • @sachinbansal4435
      @sachinbansal4435 4 года назад

      @@splunk_ml In video when you created deploymentclient.conf there was no attribute for phone home. So do we need to define those settings in deploymentclient.conf or will there be default value there??

  • @CHAMP_GUY
    @CHAMP_GUY 3 года назад

    perfect

  • @alexkamalov1169
    @alexkamalov1169 3 года назад

    Sid you mentioned in your lecture that Deployment Server cannot be used with Splunk Cluster. Does it mean A) Deployment server cannot be configured on a cluster member or B) Splunk Cluster members cannot be clients of the Deployment server?

    • @splunk_ml
      @splunk_ml  3 года назад

      Hello Alex,
      I meant the below,
      A cluster manager node and a deployment server both consume significant system resources while performing their tasks. The manager node needs reliable and continuous access to resources to perform the ongoing management of the cluster, and the deployment server can easily overwhelm those resources while deploying updates to its deployment clients.
      For most deployments, the deployment server must run on a dedicated Splunk Enterprise instance that is not serving as an indexer or a search head. The exception is if the deployment server has only a small number of clients, 50 or less. Under those limited circumstances, it is possible for an indexer or search head to double as a deployment server.
      Alternatively, you can host any one of these management components on a deployment server, but only if the deployment server has 50 or less clients:
      License master
      Monitoring console
      Search head cluster deployer

  • @badbadboy5657
    @badbadboy5657 5 лет назад

    Can I ask you some questions on a few topics/areas in splunk? I know you occupied with your todo.

    • @splunk_ml
      @splunk_ml  5 лет назад +1

      Definitely... Shoot me email with details I will try to help.

  • @CHAMP_GUY
    @CHAMP_GUY 3 года назад

    Please make a video for syslog-ng with universal or heavy forwarder or HEC.

  • @CHAMP_GUY
    @CHAMP_GUY 3 года назад

    Even splunk education is not giving this much info

  • @abraralikhan5448
    @abraralikhan5448 2 года назад

    Bro hindi mein bolo na

  • @padmajaajain972
    @padmajaajain972 2 года назад

    I am getting the below warning when i try to poll the forwarder to deployment server
    Server Certificate Hostname Validation is disabled. Please see server.conf/[sslConfig]/cliVerifyServerName for details.