Forums: SplunkAdministration: Windows Mass Deployment

Has anyone ever mass deployed a windows setup to multiple servers in an automated fashion? We have many windows servers and doing this by hand would not be very practical (especially if we try and keep up with minor releases). I have tested manually upgrading each instance, but there is a small amount of user interaction required, usually involving the config files.

I have not done this - usually the client chooses to do this with SMS (since we are a MSI). There are quite a few Windows system management tools that will facilitate a silent install.

Assuming you are deploying with the purpose of making these Splunk instances forwarders, there is really no compelling reason to upgrade the forwarders with each minor release aside from a security vulnerability being announced against splunkd.

You can push them out via GPO easily. You can then set the instance (I am guessing as a forwarder) with a simple VBS script. If you are not familiar with writing vbs scripts I may be able to punch something together for you to assist with this.

GPO does work. The only downside to using GPO versus a more targeted tool like SMS is handling failures, performing inventory checks, etc.

I handle all my inventory checks with a 3rd party inventory software, Spiceworks. GPO works well for me, if I need reporting on the installations I write a VBS script to report to me what I need. Haven't ever used SMS for deployment though, maybe I am missing out ;)

SMS isn't great, but in my experience it makes deploying new software and updates as well as reporting on inventory pretty easy.

Well I can only speak for my environments, pretty small so far >1000 nodes. But my app pushes have always been through GPO and I haven't really looked beyond that since it works to my expectations. I always assumed sms was just another MS project that I didn't need to worry about. I love spiceworks for a free inventory reporting solution and I like Kasaya for a $$$ solution.

Also with splunk, (newbie here), I am assuming the upgrades are just a matter of pushing the data to the folder and restarting the service, this is a simple script with some distribution points to take into consideration a WAN.
That is my reccomendation for an environment with 100ish servers, I have done this many many many times. If your environment is larger then there may be better ways :)
My problem right now is finding a good client to push to all the windows servers. Right now I am looking at pushing SPLUNK in forwarding mode to all my servers. But that method is $$$. What I need is a way to ship event logs to a port on the Splunk server, deployment of any package is trivial.

Thank you for your responses. I will have the desktop team look into building some kind of package to distribute.

@ASW3382 : Which files need to be modified to set it up as a forwarder? I don't mind writing my own script, but if you have one available...

Sorry, just saw your post today :) Did you get this all done? I don't have a script yet. But if you are going to build a package via an msi re-wrapper then you might as well do it at that time.