Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can a macro be created for an application based on the application setup.xml?

simpkins1958
Contributor
‎04-14-2016 11:32 AM

Our server can input data into Splunk either via Syslog or Http Event Collector. In our Splunk application, we want the user to be able to specify which method they are using and then create a macro based on that information. This is to handle our legacy Splunk application that currently only uses syslog. With our next release we are adding Http Event Collector too.

We want to configure setup.xml for our application to define a macro based on user input.

A boolean input for "Use Syslog Data"

In macros.conf file:

[DiagnosticsDataSource(1)]
args = diagnosticsType

if "Use Syslog Data" = true

definition = sourcetype=syslog LocalityServer "$diagnosticsType$"

else

definition = sourcetype= "$diagnosticsType$"

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎04-14-2016 03:09 PM

Have you considered just OR'ing both options statically?

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎04-14-2016 04:28 PM

Great. I've converted the comment to an answer, feel free to mark this as accepted if you're happy.

0 Karma
Reply

simpkins1958
Contributor
‎04-14-2016 03:45 PM

Thanks. This works.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...