Configure server classes

This documentation does not apply to the most recent version of Splunk.

This documentation applies to the following versions of Splunk: 3.2, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6


Deployment clients receive configurations via server class membership. A deployment client may be a member of multiple server classes at once, depending on which configuration updates it should be aware of. Group clients by application, OS, type of data to be indexed, or any other feature of your Splunk deployment. Server class configurations are kept on the deployment server in subdirectories of $SPLUNK_HOME/etc/modules/distributedDeployment/classes/. Each subdirectory stores the configurations unique to one server class.


For example, you have a class called syslog. Its configurations are stored in $SPLUNK_HOME/etc/modules/distributedDeployment/classes/syslog. The ../syslog/ directory contains an inputs.conf that specifies only syslog input. It also contains an outputs.conf, forwarding data to a centralized Splunk instance (see data distribution for more information). Each server class directory can contain any number of applicable configuration files.


Every deployment client is automatically a member of two server classes:


  • Default:
    • The _default server class lets the administrator target all deployment clients without having to specifically set a name for each individual client.
  • Hostname:
    • The 'hostname' server class is determined at startup time by the hostname of the deployment client. For example, if the deployment client is www01, the hostname server class becomes _www01 for that machine.
    • This server class allows for deploying bundles to individual machines.
    • If the word 'localhost' appears anywhere in the name, the hostname server class is not set for this server.

Configuration

Set up server class maps in deployment.conf on the server side. Edit deployment.conf in $SPLUNK_HOME/etc/bundles/local/ (or create a deployment.conf for the server using instructions here). Specify server class settings under the [distributedDeployment-classMaps] stanza heading.


[distributedDeployment-classMaps]
$IP_RANGE1 | $DNS1 = $SERVER_CLASSA, $SERVER_CLASSB
$IP_RANGE2 | $DNS2 = $SERVER_CLASSC
...

  • Map IP addresses or DNS entries to server classes.
  • You can put a wildcard (*) anywhere in the string.

Example

Add the following stanza to $SPLUNK_HOME/etc/bundles/local/deployment.conf.


[distributedDeployment-classMaps]
10.2.*.5 = apache, security
192.*.*.* = syslog
www.others* = the_others, web, apache
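
To audit which configurations a given client would receive, the class maps can be resolved offline. The following is an added example, not part of the Splunk documentation and not Splunk's own matching code: it parses the example stanza above and lists a client's effective server classes, including the automatic _default and hostname classes. It assumes that * matches any run of characters, that a pattern must match the whole IP address or host name, and that each key is a single pattern; the function names are hypothetical.

```python
import re

# Constructed sample: the example stanza from this page.
SAMPLE_CONF = """\
[distributedDeployment-classMaps]
10.2.*.5 = apache, security
192.*.*.* = syslog
www.others* = the_others, web, apache
"""

STANZA = "distributedDeployment-classMaps"


def parse_class_maps(text):
    """Return [(pattern, [classes])] read from the class-map stanza."""
    maps, in_stanza = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_stanza = line == f"[{STANZA}]"
            continue
        if in_stanza and "=" in line:
            pattern, classes = line.split("=", 1)
            names = [c.strip() for c in classes.split(",") if c.strip()]
            maps.append((pattern.strip(), names))
    return maps


def _matches(pattern, value):
    # Assumption: '*' matches any run of characters; the whole string must match.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None


def effective_classes(maps, ip, hostname):
    """Classes a client would belong to, automatic classes first."""
    classes = ["_default"]
    # The hostname class is skipped when 'localhost' appears in the name.
    if "localhost" not in hostname:
        classes.append("_" + hostname)
    for pattern, names in maps:
        if _matches(pattern, ip) or _matches(pattern, hostname):
            classes.extend(n for n in names if n not in classes)
    return classes
```

Running effective_classes over an inventory of client addresses shows how far a broad pattern such as 192.*.*.* reaches before the map is deployed.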