About agent management
- "deployment server" is now called "agent management"
- "forwarder management" is now called "agent management"
Additionally, with version 10.0, the "deployment client" has been renamed into "agent". However, the name "deployment client" remains present in commands, attributes and .conf file names throughout this documentation and when interacting with agent management.
Please note that while the names have changed, the underlying functionality remains the same. Additionally new capabilities are introduced.
Splunk Enterprise provides the agent management with its agent management interface, to manage the update process across distributed instances of Splunk Enterprise.
What is agent management?
The agent management is a tool for managing data collection agents. It enables fleet monitoring, including health and status tracking, remote configuration and application deployment, agent version upgrades, and troubleshooting. It retains the core functionality of the deployment server, allowing distribution of configurations, apps, and content updates to groups of Splunk Enterprise instances including forwarders, non-clustered indexers, and search heads. Agent management supports multiple agent types, such as OTel Collectors. The list of supported types of agents will be expanded in the future.
The agent management is just a Splunk Enterprise instance that has been configured to manage the update process across sets of other Splunk Enterprise instances. Depending on the number of instances it's deploying updates to, the agent management instance might need to be dedicated exclusively to managing updates. For more information, read Plan a deployment.
The agent management handles configuration and content updates to existing Splunk Enterprise installations. You cannot use it for initial or upgrade installations of Splunk Enterprise or the universal forwarder. To learn how to install and deploy Splunk Enterprise, see Step-by-step installation procedures for full Splunk Enterprise and Install the universal forwarder software for the Splunk Enterprise universal forwarder. To learn how to upgrade your deployment to a new version of Splunk Enterprise, see Upgrade your distributed Splunk Enterprise deployment in the Installation Manual.
The interface of agent management provides an easy way to configure the agent management and monitor the status of deployment updates. Although its primary purpose is to manage large groups of forwarders, you can use the interface to configure the agent management for any update purposes, including managing and deploying updates to non-clustered indexers and search heads. For more information, see Agent management UI overview.
Is agent management mandatory?
Agent management is not required for managing forwarders and other Splunk Enterprise instances. If you prefer, you can use a third-party tool, such as Chef, Puppet, Salt, or one of the Windows configuration tools.
What the agent management offers
The agent management makes it possible to group Splunk Enterprise components by common characteristics and then distribute content based on those groups.
For example, if you've got Splunk Enterprise instances serving a variety of different needs within your organization, it's likely that their configurations vary depending on who uses them and for what purpose. You might have some instances serving the help desk team, configured with a specific app to accelerate troubleshooting of Windows desktop issues. You might have another group of instances in use by your operations staff, set up with a few different apps designed to track network issues, security incidents, and email traffic management. A third group of instances might serve the Web hosting group within the operations team.
Rather than trying to manage and maintain these divergent Splunk Enterprise instances one at a time, you can group them based on their use, identify the configurations and apps needed by each group, and then use the agent management to update their apps and configurations when needed.
In addition to grouping Splunk Enterprise instances by use, there are other useful types of groupings you can specify. For example, you might group instances by OS or hardware type, by version, or by geographical location or timezone.
A key use case is to manage configurations for groups of forwarders. For example, if you have forwarders residing on a variety of machine types, you can use the agent management to deploy different content to each machine type. The Windows forwarders can get one set of configuration updates; the Linux forwarders another, and so on.
Agent management and clusters
You cannot use agent management to update indexer cluster peer nodes or search head cluster members.
Indexer clusters
Don't use agent management to manage configuration files across peer nodes (indexers) in an indexer cluster. Instead, use the configuration bundle method. You can, however, use agent management to distribute updates to the manager node, which then uses the configuration bundle method to distribute them to the peer nodes. See Update common peer configurations in the Managing Indexers and Clusters of Indexers manual.
Search head clusters
Don't use agent management to update search head cluster members.
Agent management is not supported as a means to distribute configurations or apps to cluster members. To distribute configurations across the set of members, you must use the search head cluster deployer. See Use the deployer to distribute apps and configuration updates in the Distributed Search manual.
Remote Upgrader
The Remote Upgrader is a tool used to automate the upgrade process of Splunk forwarders. It simplifies the upgrade process by allowing administrators to upgrade multiple instances simultaneously from a central location. The Remote Upgrader is designed to work in conjunction with agent management to maximize its potential and it should be considered as a capability of agent management. For more information about Remote Upgrader, see About the Splunk Remote Upgrader for Linux Universal Forwarders.