Adapting Deployment Servers to Growing Organizations

Overview

What do you do if you have a large number of Deployment Servers (DS) and want to separate business units into different serverclasses?  Server naming conventions can make standard whitelists and blacklists lengthy and difficult to maintain.  At the same time, you don’t want to stand up a secondary DS.

One solution is to add a prefix to the clientName on each forwarder in the second business unit, followed by the forwarder's normal server name (see the clientName line below):

[deployment-client]
phoneHomeIntervalInSecs = 60

clientName = bunit2_<server>

[target-broker:deploymentServer]
targetUri = xxx.xxx.xxx.xxx:8089 

How-To:

Create two deployment server serverclasses and applications (one for Windows, one for Linux) to push to a subset of existing forwarders to change the clientName.

Each application should contain an executable shell script or batch file and a scripted input to run it.
Example shell script:

#!/bin/bash
# dcconfig.sh
# Description: Linux shell script to update deploymentclient.conf
#
# Short host name: everything before the first dot
dcname=`uname -n | cut -d. -f1`
conf="$SPLUNK_HOME/etc/apps/bunit2_clientname_linux/local/deploymentclient.conf"

# The first line truncates the file (>), the rest append (>>).
# Stanza headers are quoted so the shell does not treat [...] as a glob.
echo "[deployment-client]"               > "$conf"
echo "phoneHomeIntervalInSecs = 60"     >> "$conf"
echo "clientName = bunit2_$dcname"      >> "$conf"
echo                                    >> "$conf"
echo "[target-broker:deploymentServer]" >> "$conf"
echo "targetUri = xxx.xxx.xxx.xxx:8089" >> "$conf"


Create a scripted input to run the shell script once the app is deployed. The scripted input only executes one time and writes a deploymentclient.conf to the local directory of the app.

inputs.conf
[script://$SPLUNK_HOME/etc/apps/bunit2_clientname_linux/bin/dcconfig.sh]
# run the script only once
interval = -1
disabled = false
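
A more defensive take on the Linux script above, as an added example rather than code from the original post: it rejects an unexpected host name, writes the file atomically, and leaves an already-correct file untouched. The function names, the DS_URI variable and the host-name character check are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: defensive variant of dcconfig.sh (not from the original post).
# Function names, DS_URI and the host-name check are illustrative assumptions.
APP="bunit2_clientname_linux"
PREFIX="bunit2_"
DS_URI="${DS_URI:-xxx.xxx.xxx.xxx:8089}"   # placeholder address, as in the post

# Print the deploymentclient.conf body for one short host name.
render_dc_conf() {
    # Accept only a plain host label, so a malformed name cannot add
    # extra lines or settings to the generated file.
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) echo "bad host name: $1" >&2; return 1 ;;
    esac
    printf '%s\n' "[deployment-client]" \
        "phoneHomeIntervalInSecs = 60" \
        "clientName = ${PREFIX}$1" \
        "" \
        "[target-broker:deploymentServer]" \
        "targetUri = ${DS_URI}"
}

# write_dc_conf <splunk_home> <host>: render to a temp file in the same
# directory, then rename it into place only if the content changed.
write_dc_conf() {
    _dir="$1/etc/apps/$APP/local"
    mkdir -p "$_dir" || return 1
    _tmp=$(mktemp "$_dir/.deploymentclient.XXXXXX") || return 1
    if ! render_dc_conf "$2" > "$_tmp"; then
        rm -f "$_tmp"; return 1
    fi
    if cmp -s "$_tmp" "$_dir/deploymentclient.conf" 2>/dev/null; then
        rm -f "$_tmp"                      # already correct, leave it alone
    else
        mv -f "$_tmp" "$_dir/deploymentclient.conf"
    fi
}

# Read back the clientName that is actually on disk.
get_client_name() {
    sed -n 's/^clientName[[:space:]]*=[[:space:]]*//p' \
        "$1/etc/apps/$APP/local/deploymentclient.conf"
}

# When splunkd runs this as a scripted input, SPLUNK_HOME is set.
if [ -n "${SPLUNK_HOME:-}" ]; then
    write_dc_conf "$SPLUNK_HOME" "$(uname -n | cut -d. -f1)"
fi
```

Running get_client_name on a forwarder after the app has deployed confirms the prefix is in place before the serverclass whitelists and blacklists start to rely on it.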

Example batch script:

@echo off
cls
REM
REM dcconfig.bat
REM
REM Description: Windows batch file to update deploymentclient.conf config
REM
REM Redirection is written first so no trailing spaces end up in the file
set "DCCONF=%SPLUNK_HOME%\etc\apps\bunit2_clientname_windows\local\deploymentclient.conf"

> "%DCCONF%" echo [deployment-client]
>>"%DCCONF%" echo phoneHomeIntervalInSecs = 60
>>"%DCCONF%" echo clientName = bunit2_%COMPUTERNAME%
REM "echo." writes an empty line; a bare "echo" would write "ECHO is off."
>>"%DCCONF%" echo.
>>"%DCCONF%" echo [target-broker:deploymentServer]
>>"%DCCONF%" echo targetUri = xxx.xxx.xxx.xxx:8089

:END
echo END

Example scripted input for Windows. The scripted input only executes one time and writes a deploymentclient.conf to the local directory of the app.


[script://$SPLUNK_HOME\etc\apps\bunit2_clientname_windows\bin\dcconfig.bat]
# run the script only once
interval = -1
disabled = false

Put the files on the Deployment Server. *** Note: Ensure the shell script and batch file have execute permissions (e.g. chmod 755). ***
$SPLUNK_HOME/etc/deployment-apps
      /bunit2_clientname_linux
             /bin/dcconfig.sh
             /local/inputs.conf

      /bunit2_clientname_windows
             /bin/dcconfig.bat
             /local/inputs.conf

  • Add the apps to each of the serverclasses and flag them to restart splunkd.
  • Add the business unit test servers (the example is “bunit2”) to the whitelist of each app in the DS to deploy.

The clientName parameter should appear in the Forwarder Management screen in the column “Client Name” instead of the GUID.
The clientName has precedence over the actual Host Name column when whitelists and blacklists are evaluated.
This allows for a single blacklist to exclude all servers from a particular serverclass once the clientName is in place (e.g. bunit2*).

*** Important: To actually SEE the clientName show up, you may need to reload or restart the DS or choose “Delete Record”. ***
*** The next time the forwarder checks in, it should have the clientName instead of the GUID. ***

Scott Hartwell