Splunk v10 Effective Configuration

The Effective Configuration Add-On saves time and eliminates the need to contact other teams if you’re not managing all Splunk elements, helping you access the information you need in seconds instead of days.

Using the Effective Configuration Add-On also allows you to view the current effective configuration on selected agents and check the parameter values set in the following files:

  • inputs.conf
  • outputs.conf
  • deploymentclient.conf
  • server.conf

Installation

Download the Effective Configuration application, then untar the .tgz file into etc/deployment-apps on the Agent Management server:

tar zxvf /tmp/splunk-add-on-for-effective-configuration_101.tgz -C /opt/splunk/etc/deployment-apps

Then you have to add it to a serverclass to deploy it on agents. Please check the “Restart agent” toggle button.

Usage

As soon as it is deployed and the UF has restarted, you can go to Settings/Agent Management on your Agent Management server (formerly called Deployment Server).

You will see your Agent Management page with your Forwarders, Applications and Server Classes.

You can click on a specific forwarder (Client Name column link) to see details about that forwarder. You will also see 3 tabs. The first one is Details, the second one is the Applications installed on it, and the third one is the Effective Configuration of that forwarder, collected by the Effective Configuration Add-On we installed before.

Details Tab:

Applications Tab:

Effective Configuration Tab:

Notice that there are 4 buttons:

  • Inputs
  • Outputs
  • Deployment Client
  • Server

and a field you can type in for searching specific elements.

By default, “Show default values” is not toggled, so only the non-default configuration is shown. If you toggle it, the default values also appear, but in grey, which makes it easy to see the difference between default and non-default values.

You can download the effective configuration of the forwarder by clicking the big blue button at the top right. It will create a .zip file that will be downloaded through your browser.

This .zip file contains 4 files: inputs.conf, outputs.conf, deploymentclient.conf and server.conf.
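One way to compare the downloaded .zip files of two forwarders and spot configuration drift, as an added example (not part of the add-on or of the original article). It assumes the four files use the standard Splunk .conf layout of [stanza] headers and key = value lines; the function names, host names and sample settings are constructed for illustration.

```python
import io
import zipfile

EXPECTED = ("inputs.conf", "outputs.conf", "deploymentclient.conf", "server.conf")

def parse_conf(text):
    """Parse .conf text into {(stanza, key): value}."""
    settings, stanza = {}, "default"  # settings before any header are global
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]
        elif line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            settings[(stanza, key.strip())] = value.strip()
    return settings

def load_effective_config(zip_source):
    """Read a downloaded .zip (path or file object) into {(file, stanza, key): value}."""
    with zipfile.ZipFile(zip_source) as zf:
        by_name = {n.rsplit("/", 1)[-1]: n for n in zf.namelist()}
        missing = [f for f in EXPECTED if f not in by_name]
        if missing:
            raise ValueError("archive is missing: " + ", ".join(missing))
        return {(f, s, k): v for f in EXPECTED for (s, k), v in
                parse_conf(zf.read(by_name[f]).decode("utf-8", "replace")).items()}

def diff(a, b):
    """Settings whose value differs, or that exist on only one forwarder."""
    return {key: (a.get(key), b.get(key))
            for key in sorted(a.keys() | b.keys()) if a.get(key) != b.get(key)}

def sample_zip(outputs_conf):
    """Constructed sample archive; real ones come from the download button."""
    files = {"inputs.conf": "[monitor:///var/log/secure]\nindex = os\n",
             "outputs.conf": outputs_conf,
             "deploymentclient.conf": "[target-broker:deploymentServer]\ntargetUri = ds.example.com:8089\n",
             "server.conf": "[general]\nserverName = uf01\n"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    return buf

if __name__ == "__main__":
    tcpout = "[tcpout:primary]\nserver = idx1.example.com:9997\nsslVerifyServerCert = "
    base = load_effective_config(sample_zip(tcpout + "true\n"))
    other = load_effective_config(sample_zip(tcpout + "false\n"))
    for key, (left, right) in diff(base, other).items():
        print(key, left, "->", right)
```

With real exports, pass the two downloaded file paths to load_effective_config() instead of sample_zip().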

Conclusion

This add-on is very interesting for Splunk admins. I met several clients that have forwarders on their infrastructure but no access to them except through the Splunk Agent Management Server (aka Deployment Server), and getting the Effective Configuration for these forwarders can sometimes be difficult as they are managed by other business entities. Having that feature can be a great improvement for them, or even for Splunk support or Splunk Professional Services.
