Environment variable used in search

fresned · ‎07-29-2011

How do you set up an Environment variable to be used as part of the path for your data?
I set an environment variable on the system and when I try and use the environment variable I receive an error. The error is :Encountered the following error while trying to save :in handler: machine name: Parameter name : Path must be absolute. The default datasources splunk uses have a set Environment variable as part of there location: $SPLUNK_HOME/etc/splunk.version. Any assistance would be great.

fresned · ‎07-29-2011

Yes where and how is $SPLUNK_HOME defined. I'm trying to define a value $FOO. in the bash shell i have defined export FOO='/opt/test/test1/' I can echo $FOO and get /opt/test/test1/. but splunk returns the error in handler: machine name: Parameter name : Path must be absolute

mw · ‎07-29-2011

Try setting your variable in $SPLUNK_HOME/etc/splunk-launch.conf and restarting. That may do it.

mw · ‎07-29-2011

Do you mean within the context of an input?

# inputs.conf
[monitor://$SPLUNK_HOME/etc/apps/cisco/logs/cisco_firewall.log]

Environment variable used in search

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!