Install Through Splunk Deployment Server

This page describes how to install uberAgent through Splunk’s Deployment Server (see architecture options).

Prerequisites

Install Universal Forwarder as described here. Make sure to specify the Deployment Server name during Universal Forwarder installation.

uberAgent Deployment via Deployment Server

Note: Deployment server can only be used with Splunk Enterprise.

uberAgent

Copy the directory uberAgent_endpoint from the unzipped uberAgent download package to $SPLUNK_HOME\etc\deployment-apps on your deployment server.

Note: $SPLUNK_HOME refers to the base directory of the Splunk installation, typically C:\Program Files\Splunk.

Edit $SPLUNK_HOME\etc\deployment-apps\uberAgent_endpoint\bin\silent-install.cmd, modifying the servers variable so that it contains a list of your Splunk servers. Example:

set servers=splunk1:19500,splunk2:19500

License

If you have a license file for uberAgent, copy it into the directory $SPLUNK_HOME\etc\deployment-apps\uberAgent_endpoint\bin.

Serverclass

Create a file called serverclass.conf in $SPLUNK_HOME\etc\system\local on your deployment server. The file serverclass.conf defines what to deploy where. For a quick start, paste the following content into serverclass.conf to deploy uberAgent to all Windows machines. You may want to fine-tune this to suit your needs.

[global]
# We cannot match by machine type here. We'll do that on the app level below.
whitelist.0 = *

# Define a serverclass 
[serverClass:windows]
# Deploy only to Windows machines
machineTypesFilter = windows-*
 
# Define which apps to deploy to the serverclass
[serverClass:windows:app:uberAgent_endpoint]
stateOnClient = enabled
restartSplunkd = true

To make Splunk read the new file serverclass.conf run the following command:

$SPLUNK_HOME\bin\splunk.exe reload deploy-server
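
Because whitelist.0 = * in [global] matches every deployment client, the following Python check (an added example, not part of the uberAgent or Splunk documentation) reports apps in a serverclass.conf that no machineTypesFilter or blacklist narrows, and settings that sit outside any stanza. The inheritance order it uses (app, then server class, then [global]) and the server class name "everything" are assumptions made for illustration.

```python
# Added example. Assumption: an app inherits filters from its server class, then [global].
# Constructed sample: the page's config plus a hypothetical server class "everything".
SAMPLE = """\
[global]
whitelist.0 = *
[serverClass:windows]
machineTypesFilter = windows-*
[serverClass:windows:app:uberAgent_endpoint]
stateOnClient = enabled
[serverClass:everything:app:uberAgent_endpoint]
stateOnClient = enabled
"""

def parse_conf(text):
    """Return {stanza: {key: value}}; keys before any header go under ''."""
    stanzas, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            stanzas.setdefault(current, {})
        elif "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            stanzas[current][key.strip()] = value.strip()
    return stanzas

def inherited(layers, prefix):
    """Values from the most specific layer that sets a key with this prefix."""
    for layer in layers:
        found = [v for k, v in layer.items() if k.startswith(prefix)]
        if found:
            return found
    return []

def audit(text):
    """Return (keys outside any stanza, apps offered to every client)."""
    conf = parse_conf(text)
    unrestricted = []
    for name in conf:
        parts = name.split(":")
        if len(parts) == 4 and parts[0] == "serverClass" and parts[2] == "app":
            layers = [conf[name], conf.get(":".join(parts[:2]), {}), conf.get("global", {})]
            narrowed = inherited(layers, "machineTypesFilter") or inherited(layers, "blacklist.")
            if "*" in inherited(layers, "whitelist.") and not narrowed:
                unrestricted.append((parts[1], parts[3]))
    return sorted(conf[""]), unrestricted

print(audit(SAMPLE))
```

Run it against the text of serverclass.conf before reloading the deployment server; an empty result in both positions means every app stanza is narrowed by a machine type filter or blacklist.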
