I'm working in an environment where we have the universal forwarder (5.0.5 - old I know) installed on all our systems to collect custom application logs that we can't get via remote syslog.
I have a situation where I need the "Splunk" version of python 2.7 available to an app used by the forwarder (OSSEC). I've been able to recreate the 2.7 install by compiling python 2.7, installing it under /opt/splunk/, and then copying over the ~/site-packages/* files from one of my indexers. But, I have one remaining problem where the forwarder still keeps calling the system version of python.
Is there a way to define the path to python, or otherwise tell the universal forwarder to look for python under /opt/splunk/bin/ vs /usr/bin ?
[if there's already a doc on this I'd gladly appreciate a link!!]
Thanks!
... View more