![]() By doing so, we can manage the indexers' configurations via master by managing apps in the /etc/master-apps directory on the master node.In this case, we need to modify deployment client for master to pull the apps to the /etc/master-apps directory instead of etc/apps ( modify wrt other deployment clients on the forwarders where forwarders pull the apps from the DS and store in /etc/apps). In Indexer Cluster deployment, the indexers will be managed by the master node and the master node can be managed through DS.No configuration should be kept in /etc/system/local as far as possible because the configurations stored at this location take the highest precedence and these configurations cannot be managed centrally through deployment server. If the configurations are stored in /etc/system/local, changes to the configuration files need to be applied/configured individually for each forwarder (and indexers)by changing the configuration files directly on them.Understanding of the various config files and their basic functionĪll the configurations for the components of the Splunk ( Universal Forwarders, Heavy Forwarders, Intermediate forwarders, Indexers (through Master) ) should be managed centrally through Deployment Server (DS).Basic understanding of key components of the Splunk ( Universal forwarders, Indexers, Search Heads, Master node, Intermediate forwarders etc) and how they work in tandem.This summary/article is based on the "single-site indexer cluster with multiple search heads" architecture.This article does not focus on those configuration aspects as well. Splunk takes many attributes and values from multiple files from the directory structure based on the precedence, so many of the configuration-attributes and values-picked up from the default configuration.It does not get in to the details of the configuration itself but instead it focuses on how we can manage the configuration files efficiently.It specifically focuses on how we can carve out key parameters of the configuration files and create the base apps for the Splunk components and manage them more efficiently through centralised mechanism.It emphasises on having the base configuration apps in place for the various components of the Splunk and how these base configs should be managed efficiently through centralised mechanism.This article is about the configuration best practices and it does not include the architectural discussion.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |