Configuring Deployment License Server on Splunk Enterprise - cfloquetprojects/homelab GitHub Wiki

Introduction

Today we will be using a Splunk Deployment Server to manage and distribute configurations, apps, and content updates to our Universal Forwarders, but it's important to note that it can also be used to manage other Splunk Enterprise instances like indexers, heavy forwarders, and search heads.

The main steps in this process are the following:

  • Create or find at least one app to deploy to our clients. In our case it will be an app defining the various inputs we'd like to collect on our Windows and Linux based servers.

  • Activate the deployment server by placing our custom app into the $SPLUNK_HOME/etc/deployment-apps folder on our dedicated Splunk Deployment/License Server.

  • Create logical mappings of server classes and deployment clients to distribute the proper apps to their associated server classes.

  • Establish a connection between the UFs on their associated clients and the deployment server to deploy our apps.
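
The steps above, sketched as the two configuration files involved. This is an added example, not taken from the original wiki: the app names, server class names and deployment server hostname are constructed placeholders.

```ini
# --- On the deployment server: $SPLUNK_HOME/etc/system/local/serverclass.conf ---
# Each app named below is assumed to exist as a directory under
# $SPLUNK_HOME/etc/deployment-apps/ (app names here are constructed).

[serverClass:windows_servers]
# Accept any client name, then narrow by OS so only Windows UFs match
whitelist.0 = *
machineTypesFilter = windows-x64

[serverClass:windows_servers:app:homelab_windows_inputs]
stateOnClient = enabled
# Restart the forwarder so the new inputs take effect
restartSplunkd = true

[serverClass:linux_servers]
whitelist.0 = *
machineTypesFilter = linux-x86_64

[serverClass:linux_servers:app:homelab_linux_inputs]
stateOnClient = enabled
restartSplunkd = true

# --- On each Universal Forwarder: $SPLUNK_HOME/etc/system/local/deploymentclient.conf ---
[deployment-client]

[target-broker:deploymentServer]
# 8089 is splunkd's default management port; the hostname is a placeholder
targetUri = deploy.homelab.example:8089
```

After editing serverclass.conf by hand, running `splunk reload deploy-server` on the deployment server makes it re-read the mappings without a full restart.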

Additional Resources:

  • Splunk Deployment Best Practice by Patrick Bareiss is a terrific starting point that I used to get my feet wet with these topics.

  • Splunk's documentation on setting up and configuring a deployment server is also quite useful.

Pre-Flight Check

  • Splunk Enterprise v8.2.4 successfully installed on a RHEL 7 server. These are not direct prerequisites for this lab, but this is my current setup, listed here in case you want to replicate it.

  • At least one Windows client as well as one other RHEL 7 instance, so that we can configure two distinct server classes (Windows and Linux) and deploy their associated apps onto them.