Assign hosts a category/group automatically

springworks
Engager

Hi!

I have just installed the unix app on some hosts and it seems to be reporting data as it should.

My issue now is how I group my different hosts in an automatic way. I have a VPC in Amazon Web Services with quite a lot of instances that I want to group by. Many of them are in auto-scaling groups which means new instances can be started at any time.

What I'm looking for is a way to specify on each host what group or category they belong to. Maybe set in a config file or with a Splunk command, doesn't matter.

Appreciate any help!

Thanks

araitz
Splunk Employee

Per http://docs.splunk.com/Documentation/UnixApp/latest/User/First-timeconfiguration#Settings:_Categorie...

Use the Settings: Categories page to add host categories and groups. When you make these changes, the Splunk App for Unix and Linux writes them to $SPLUNK_HOME/etc/apps/SA-nix/lookups/dropdowns.csv.

As such, you can just have your script populate this file directly, maintaining the same column names, column order, etc.

0 Karma
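
An added example, not part of the original answer or of the Splunk app: one way a script could populate dropdowns.csv as described above, deriving category and group from the hostname and rewriting the file without changing its header or column order. The column names, the hostname rules and the function names are assumptions; check them against the header of your own file.

```python
import csv
import os
import re
import shutil
import tempfile

# Assumed column names; confirm against the header of your own dropdowns.csv.
CATEGORY_COL, GROUP_COL, HOST_COL = "unix_category", "unix_group", "host"

# Hypothetical hostname patterns mapped to (category, group).
RULES = [
    (re.compile(r"^web-"), ("aws", "web")),
    (re.compile(r"^db-"), ("aws", "database")),
]


def classify(hostname):
    """Return (category, group) for the first matching rule, else None."""
    for pattern, assignment in RULES:
        if pattern.search(hostname):
            return assignment
    return None


def upsert_host(lookup_path, hostname):
    """Add or update one host row; keep the file's own header and column order."""
    assignment = classify(hostname)
    if assignment is None:
        return False  # no rule matched, leave the lookup untouched
    with open(lookup_path, newline="") as fh:
        reader = csv.DictReader(fh)
        header = reader.fieldnames or []
        rows = [r for r in reader if r.get(HOST_COL) != hostname]
    missing = {CATEGORY_COL, GROUP_COL, HOST_COL} - set(header)
    if missing:
        raise ValueError(f"lookup lacks expected columns: {sorted(missing)}")
    row = dict.fromkeys(header, "")
    row.update(zip((CATEGORY_COL, GROUP_COL, HOST_COL), (*assignment, hostname)))
    rows.append(row)
    # Write a temp file beside the lookup, then rename atomically so a search
    # never reads a half-written file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(lookup_path)))
    with os.fdopen(fd, "w", newline="") as out:
        writer = csv.DictWriter(out, header, extrasaction="ignore", lineterminator="\n")
        writer.writeheader()
        writer.writerows(rows)
    shutil.copymode(lookup_path, tmp)  # mkstemp creates the file as 0600
    os.replace(tmp, lookup_path)
    return True
```

Running it twice for the same host leaves a single row, so it can be called every time an auto-scaled instance checks in. Concurrent writers are not serialized here; run it from one place or add a lock.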

springworks
Engager

I already have information on every host to group them by, like hostname. But if that won't suffice, I want to add some tag or something similar in a config that will result in hosts assigning to the correct groups automatically. Not sure if those links you provided @somesoni2 will do that..? Thanks

0 Karma

somesoni2
Revered Legend

I believe you may utilize Splunk event type/tags for the same, provided you have some common element to group the hosts (name patterns etc).

http://docs.splunk.com/Documentation/Splunk/6.1/Knowledge/defineeventtypes
http://docs.splunk.com/Documentation/Splunk/6.1/Knowledge/TagandaliasfieldvaluesinSplunkWeb

0 Karma