Hi,
I am looking to deploy the Splunk_TA_nix to multiple servers. I would like to have different inputs.conf depending on the server type, all deployed from the same deployment server.
There are a few options I have considered:
Has anyone had any experience with this who might be able to lend some advice please?
Thank you, Carl
I usually use way #2 but use $SPLUNK_HOME so that you do not need to worry about the deployment type (Enterprise or Forwarder). This would require pushing both the original Splunk_TA_nix (containing the scripts) and custom Splunk_TA_nix_mycustomtype_inputs applications to the NIX UFs.
[script://$SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin/netstat.sh]
Thanks tsweet; I never considered using that. Very helpful.
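The two-app layout described in the answer above, as an added example that is not part of any post in this thread: a custom inputs app that calls the script shipped in Splunk_TA_nix, plus the deployment server mapping that pushes both apps to the same hosts. The server class name, whitelist pattern, index and the interval/sourcetype/source values are assumptions; match the latter to the TA's own default/inputs.conf.

```ini
# --- Deployment server ---
# File: $SPLUNK_HOME/etc/deployment-apps/Splunk_TA_nix_mycustomtype_inputs/local/inputs.conf
#
# This stanza name (absolute path via $SPLUNK_HOME) is a different string from
# the relative-path stanza the base TA ships for the same script, so nothing is
# inherited from the base TA's stanza. Set every attribute explicitly here.
[script://$SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin/netstat.sh]
# assumed values; copy the ones you want from the TA's default/inputs.conf
interval = 60
sourcetype = netstat
source = netstat
# assumed index name
index = os
disabled = 0

# File: $SPLUNK_HOME/etc/system/local/serverclass.conf
#
# One server class per server type (hypothetical name and host pattern).
[serverClass:nix_mycustomtype]
whitelist.0 = web-*

# Base TA: carries bin/netstat.sh; leave its own inputs untouched so the
# per-type app is the only place inputs are enabled.
[serverClass:nix_mycustomtype:app:Splunk_TA_nix]
restartSplunkd = true

# Per-type inputs app: contains only the inputs.conf above.
[serverClass:nix_mycustomtype:app:Splunk_TA_nix_mycustomtype_inputs]
restartSplunkd = true
```

Running `splunk btool inputs list --debug` on a forwarder after deployment shows which app each effective input stanza comes from.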
In this case, do we need to install this add-on on the Linux hosts also, or is pushing this configuration from the DS to the host enough?
Thanks,
Dharani