I need to monitor 5 Servers and 3 of them have sam...

Aravindhavks · ‎12-28-2016

I was trying to create an inputs.conf for an application which has 5 servers , what way can be followed to construct the inputs and how it can be deployed

gcusello · ‎12-28-2016

Hi Aravindhavks,
I'm describing the process to create and distribute an inputs.conf without knowing your paths, but you can adapt it to your needs:

at first you have to define the exact file targets in your servers and for each one index and sourcetype you like (I suggest to put them in an Excel sheet).

After you have to create an inputs.conf like this (or inserting your different needs):

[monitor:///path1/log1.log]
disabled=0
index=your_index
sourcetype=your_sourcetype

[monitor:///path2/log2.log]
disabled=0
index=your_index
sourcetype=your_sourcetype

[monitor:///path3/log3.log]
disabled=0
index=your_index
sourcetype=your_sourcetype

[monitor:///path4/log4.log]
disabled=0
index=your_index
sourcetype=your_sourcetype

[monitor:///path5/log5.log]
disabled=0
index=your_index
sourcetype=your_sourcetype

Obviously you can aggregate some inputs (if they have a common path) and you can specify different sourcetypes for different inputs: e.g. monitor:///path1/log*/*.log.

After you have to insert this inputs.conf in a Technology Add-On (TA) and deploy it on your servers manually or using a deployment server.

Bye.
Giuseppe

I need to monitor 5 Servers and 3 of them have same log path, can any one please help me how can i frame the inputs.conf for these 5 servers

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...