Agent management cluster architecture
An agent management cluster consists of multiple agent management servers that share configurations and activities via a shared drive. The agents connect to the pool of agent management servers through a load balancer or DNS mapping.
This diagram illustrates the basic architecture for an agent management cluster that uses a load balancer to connect with the agents. The DNS solution just substitutes DNS mapping in place of the load balancer.
The agents point to the load balancer, rather than directly to a agent management.
The shared drive contains the two directories shared by all agent management servers in the cluster: the deployment_apps directory and a log directory named client_events.
These directories must be mounted on each agent management .
The deployment app bundle contains the usual set of user-defined deployment apps, as well as a system app, _splunk_ds_info. This app is new in Splunk Enterprise version 9.2. It includes the set of server class configuration files, which are shared across agent management servers. Do not directly edit the contents of this directory.
The shared log file directory is named client_events. It is new in version 9.2, and it tracks the agents' phone home events through log entries.