I've broken my splunk module in splunk::client for the forwarder and splunk::server for the server. Both inherit splunk which realizes the user and group, i don't let the splunk packages create them cuz they're created as non-system accounts which collide with ldap accounts, and creates the init script, again modified since I don't like the supplied one. The client also creates the deploymentclient.conf so we can push what to monitor from the splunk server.
No need to add forward-server or any of that other stuff. -- Later, Darin On Tue, Jan 8, 2013 at 10:01 AM, Brendan Murtagh <brendan.r.murt...@gmail.com> wrote: > Good morning, > > We've been testing PE and beginning developing modules for our > infrastructure. One of the modules I'm looking to create is an installation > for Splunk, with the primary focus at this time, on the Forwarder. I already > have the splunkforwarder-5.0.1-143156-linux-2.6-amd64.deb package being > fetched from the Master and also performing the installation via dpkg. I > need help brainstorming/figuring out the best way to handle the rest of the > installation/configuration commands. Here is the guide I was given to > complete the installation for the Splunk Forwarder: > > dpkg -i splunkforwarder-5.0.1-143156-linux-2.6-amd64.deb > > source /opt/splunkforwarder/bin/setSplunkEnv > > splunk start > > splunk add forward-server 10.1.1.45:9996 > Splunk username: admin > Password: password > > splunk restart > > splunk enable boot-start > > cd /data/apps/ror/pws/current/log > > splunk add monitor . > > edit /opt/splunkforwarder/etc/apps/search/local/inputs.conf > > Add the following lines: > > inputs.conf for the web servers > [monitor:///var/log] > disabled = false > > [monitor:///data/apps/ror/pws/shared/log/leads.log] > disabled = false > sourcetype = est_appts > > [monitor:///data/apps/ror/pws/shared/log/audit.log] > disabled = false > sourcetype = salesbooks > > [monitor:///data/apps/ror/pws/shared/log/production.log] > disabled = false > sourcetype = rails > > [monitor:///data/apps/ror/pws/shared/log/call_attempts.log] > disabled = false > sourcetype = call_attempts > > [monitor:///data/apps/ror/pws/shared/log/call_selection.log] > disabled = false > sourcetype = call_selection > > > I'm ok using a template/content parameter for handling the > /opt/splunkforwarder/etc/apps/search/local/inputs.conf file. What are some > of the recommended ways for handling the install steps prior to the > inputs.conf edits? > > Thanks, > > Brendan > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/J01GCHL_T7MJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.