Updating the 'deploymentclient.conf' on Forwarders to Point to New Deployment Server

[Rick Curry]

I am migrating to a new architecture with my Splunk implementation. In this change I will be creating a new Deployment Server. I want to get this change rolled out to all of my Forwarders but from what I've read in the doc, I cannot update the *$SPLUNK_HOME/etc/system/local/deploymentclient.conf* via the Deployment Server. I have an app called 'deployment_client' that was setup to send config changes to the Forwarder but the etc/system/local copy of deploymentclient.conf trumps any duplicated keyword=value pair so I cannot use that to make this change.

 

Rolling this around in my head I thought -- maybe -- I can create an app in the Deployment Server on the old platform that will send and execute a script that will also carry with it a new version of the deploymentclient.conf with the correct settings and copy that over the existing version of the file then issue a restart command. This app will not exist on the new Deployment Server so this [script: ...] app will be removed from the Forwarders after they restart, connect to the new Deployment Server and "phone home" and get their updates.

 

Does anyone see something I do not or something that I have missed with this idea?

 

Rick