Splunk Deployment Server
Last updated
Last updated
The deployment server is just a Splunk Enterprise instance that has been configured to manage the update process across sets of other Splunk Enterprise instances. Depending on the number of instances it's deploying updates to, the deployment server instance might need to be dedicated exclusively to managing updates. For more information, read "Plan a deployment".
A Splunk Enterprise instance that acts as a centralized configuration manager, grouping together and collectively managing any number of Splunk Enterprise instances. Instances that are remotely configured by deployment servers are called deployment clients. The deployment server downloads updated content, such as configuration files and apps, to deployment clients. Units of such content are known as deployment apps.
The forwarder management interface offers an easy way to configure the deployment server.
In Updating Splunk Enterprise Instances:
noun
A graphical interface built on top of the deployment server that provides an easy way to configure the deployment server and monitor the status of deployment updates.
In Updating Splunk Enterprise Instances:
noun
A Splunk Enterprise instance that is remotely configured by a deployment server. Deployment clients can be grouped together into one or more server classes.
Each deployment client periodically polls its deployment server. If the deployment server has new content for the client's server class, it distributes that content to the polling client.
In Updating Splunk Enterprise Instances:
Depending on what OS you want to install the deployment server on WINDOWS can only work with WINDOWS agents. If you put the deployment server on a LINUX box it will be able to talk to WINDOWS and LINUX.
This is the same installer as the SIEM version it is just going to be configured differently. In the deployment server no log files should be routed there
It is free for the deployment server except for the cloud version of splunk
