All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Stream App - Limit the protocols being indexed from the forwarder/server, not the search head

helius
Path Finder
‎02-19-2015 07:44 AM

Howdy,

I want to monitor NFS wire data using the stream app. Right now, I can enable NFS on the search head and it does obtain NFS for that specific server, as well as every other server I use NFS on. I don't want this. I want to limit what servers actually send their NFS, FTP, and whatever else to the indexers. I'm seeing this may be possible in the streamfwd.xml, but I'm not comprehending the documentation for that file properly as everything I try is not working. There are not enough examples in the documentation....

Can someone point me to the right configuration to use? I wonder is the inputs.conf can be used here...

Edit: I'm wondering now if it's actually a matter of disabling everything but what I want on all hosts in the network that use the stream app. I can puppetize this, but I'll wait to hear back from someone here about how best to achieve this.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mdickey_splunk
Splunk Employee
Splunk Employee
‎02-19-2015 12:42 PM

It is not currently possible to change the protocols captured by specific servers (other than perhaps installing a separate instance of App for Stream and pointing the inputs.conf parameter to it). This is is a commonly requested feature, and high on our roadmap.

View solution in original post

Reply
Solved! Jump to solution
Solution

mdickey_splunk
Splunk Employee
Splunk Employee
‎02-19-2015 12:42 PM

It is not currently possible to change the protocols captured by specific servers (other than perhaps installing a separate instance of App for Stream and pointing the inputs.conf parameter to it). This is is a commonly requested feature, and high on our roadmap.

Reply
Solved! Jump to solution

helius
Path Finder
‎02-19-2015 12:54 PM

Good to know. When would your estimate be on the release of this feature? Maybe this year? Next?

0 Karma
Reply
Solved! Jump to solution

csharp_splunk
Splunk Employee
Splunk Employee
‎02-21-2015 04:24 PM

We can't ever commit to anything, but it's slated for our next release.

0 Karma
Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...