Step 5 - mapping these apps to deployment clients in serverclass.conf

To get started, I always start with example 2 from SPLUNK_HOME/etc/system/README/serverclass.conf example:

[global] 
[serverClass:AppsForOps] 
whitelist.0=*.ops.yourcompany.com 
[serverClass:AppsForOps:app:unix] 
[serverClass:AppsForOps:app:SplunkLightForwarder] 

Let's assume that we have the machines mentioned next. It is very rare for an organization of any size to have consistently named hosts, so I threw in a couple of rogue hosts at the bottom, as follows:

spl-idx-west01 
spl-idx-west02 
spl-idx-east01 
spl-idx-east02 
app-east01 
app-east02 
app-west01 
app-west02 
web-east01 
web-east02 
web-west01 
web-west02 
db-east01 
db-east02 
db-west01 
db-west02 
qa01 
homer-simpson 

The structure ...

Get Implementing Splunk 7 - Third Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.