monitoring for /root/.bash_history works for parti...

heterodyned · ‎07-10-2010

Hello Folks,

I have two copies of inputs.conf, one is under the etc/apps/local directory ( created the local and placed inputs.conf) , now the inputs.conf in the apps directory is actually a copy of the inputs.conf from system/local with minor modifications and additional parameters, now I am tryin to monitor /root/.bash_history/. this monitor works fine if I place it under /etc/system/local/inputs.conf but if i place it inside /apps/local/ , it doesnt work fine, and the same holds true for few other fschange parameters like /home, /etc

any idea? I have placed the ownership for all these under splunk only ..

- Raghu

heterodyned · ‎07-10-2010

This issue got resolved, i was going wrong in creating directory structure, the precedence follows the order of /etc/system/local & /etc/apps/ABCD/local ( i had this placed as /etc/apps/local)

Raghu

hexx · ‎08-09-2010

Absolutely. More detailed information about configuration file precedence can be found in the admin manual :
http://www.splunk.com/base/Documentation/4.1.4/Admin/Wheretofindtheconfigurationfiles

monitoring for /root/.bash_history works for particular copies of inputs.conf (depending on directory structure)

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms