Forums: SplunkGeneral: Deployment clients

Previous Topic: Daily indexed volume is zero?  |   Next Topic: Splunk +Snare


Posts 1–7 of 7  |  Post to this topic
1
gfoden's Mugshot posted by: gfoden  |  posts
date: February 8, 2008
permalink

Hi,

Can you please explain which directory deployment clients download their bundles to? Say a client is a number of class1 and class2, where will it download its bundles?

Thanks

2
araitz's Mugshot posted by: araitz  |  posts
date: February 8, 2008
permalink

The client will download the bundles to splunk/etc/bundles. The files will be in the format class_timestamp.bundle (or something similar, do not have any in front of me at the moment). These .bundle files are tar balls, and the configurations are read out of them, so they are not extracted. You can find copies of these on the server under /splunk/var/run/.

3
gfoden's Mugshot posted by: gfoden  |  posts
date: February 11, 2008
permalink

So if the client receives two bundles for the two classes it belongs to, which configuration takes priority over the other? and what happens to the local bundle?

4
gfoden's Mugshot posted by: gfoden  |  posts
date: February 11, 2008
permalink

OK I'm finding the documentation on deployment servers very confusing: I opted for the deployment model which uses polling. Here are the steps I went through

1) On the deployment server, create a directory called /opt/splunk/etc/modules/distributedDeployment/classes and inside of this, created a directory called R-Server, inside of which are a few *.conf files from this server's local bundle

2) Create deployments.conf in the local bundle of the deployment server

3) Inserted these lines in deployments.conf

[distributedDeployment]
serverClassPath=/opt/splunk/etc/modules/distributedDeployment/classes

  1. Map server classes to host names and IP addresses

[distributedDeployment-classMaps]
lonrs00297 = R-Server

4) On deployment client executed:
splunk set deploy-poll <deployment server IP>:8089

5) Restart deployment client as prompted

6) On deployment server execute
splunk reload deploy-server

and I get this error:
Reloading all known server classes.

An error occurred: No such method name

5
araitz's Mugshot posted by: araitz  |  posts
date: February 12, 2008
permalink

To your first questions, the order of precedence remains local, then bundles in alphabetical order. Thus, anything in local would trump anything in the bundles.

On your problem, it looks like you are doing everything correctly. Can you try removing the hyphen from the name of the class?

6
gfoden's Mugshot posted by: gfoden  |  posts
date: February 12, 2008
permalink

Still no luck after removing the hyphen. In splunk/etc/modules/ there are two folders distributedDeployment and distributedDeploymentClient on both the deployment server and the deployment client.

7
araitz's Mugshot posted by: araitz  |  posts
date: February 12, 2008
permalink

It is normal for those directories to be there, they are there by default.

I would be interested to know if there are any messages in splunkd.log - if not, I wonder if you could reproduce with splunk in --debug.

Post to this topic

You must be logged in to post a reply.










close

Flash required to play this video.

Click here to download the free Flash Player.

Description:

Permalink: