All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Assign hosts a category/group automatically

springworks
Engager
‎05-30-2014 06:58 AM

Hi!

I have just installed the unix app on some hosts and it seems to be report data as it should.

My issue now is how I group my different hosts in an automatic way. I have a VPC in Amazon Web Services with quite a lot of instances that I want to group by. Many of them are in auto-scaling groups which means new instances can be started at any time.

What I'm looking for is a way to specify on each host what group or category they belong. Maybe set in a config file or with a splunk command, doesn't matter.

Appreciate any help!

Thanks

Reply

araitz
Splunk Employee
Splunk Employee
‎06-04-2014 03:08 PM

Per http://docs.splunk.com/Documentation/UnixApp/latest/User/First-timeconfiguration#Settings:_Categorie...

Use the Settings: Categories page to
add host categories and groups. When
you make these changes, the Splunk App
for Unix and Linux writes them to
$SPLUNK_HOME/etc/apps/SA-nix/lookups/dropdowns.csv.

As such, you can just have your script populate this file directly, maintaining the same column names, column order, etc.

0 Karma
Reply

springworks
Engager
‎06-02-2014 11:47 PM

I already have information on every host to group them by, like hostname. But if that wont suffice, I want to add some tag or something similar in a config that will result in hosts assigning to the correct groups automatically. Not sure if those links you provided @somesoni2 will do that..? Thanks

0 Karma
Reply

somesoni2
Revered Legend
‎05-30-2014 07:13 AM

I believe you may utilize splunk event type/tags for the same, provided you have some common element to group the hosts (name patterns etc).

http://docs.splunk.com/Documentation/Splunk/6.1/Knowledge/defineeventtypes
http://docs.splunk.com/Documentation/Splunk/6.1/Knowledge/TagandaliasfieldvaluesinSplunkWeb

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...