Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is there a way for Splunk to understand app-specific variables so that the variables usable in input.conf?

Nicholas_Key
Splunk Employee
Splunk Employee
‎04-30-2010 10:13 PM

I'm currently working with inputs.conf and would like to have the stanzas recognize the values that are assigned to the keys in the configuration page (setup.xml).

An example would be

[monitor://WAS_installation_path\profiles\WAS_profile_name\config\cells\WAS_cell_name\*.xml]
sourcetype = WebSphere:CellConfigurationXML
disabled = 0

Please bear in mind that I'm not using the operating system's environment variables but app-specific variables that are defined in the setup.xml

Is there a mechanism to achieve such task?

Reply

jrodman
Splunk Employee
Splunk Employee
‎05-27-2010 09:13 PM

Given that Lowell's understanding of the question is accurate, there's no specific support for doing this.

Options:

  • Parse the string and rewrite components.
  • Construct an inputs.conf or inputs.conf fragment as part of the install
  • Allow those path segements to be wildcards
Reply

Lowell
Super Champion
‎05-11-2010 08:33 PM

I'm guessing that WAS_installation_path, WAS_profile_name and WAS_cell_name are variables that Nicholas is trying to have replaced. Nicholas, care to jump in here?

0 Karma
Reply

jrodman
Splunk Employee
Splunk Employee
‎05-05-2010 09:43 PM

The goal here is to have the setup.xml control the sourcetype assigned in inputs.conf. I'm not sure exactly why though. Manager can modify the sourcetype for an input, so it seems to me you'd want to have the setup.xml somehow make use of the same endpoints, if possible.

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎05-02-2010 11:08 PM

I don't understand. Can you clarify? In you example, do you mean that WebSphere:CellConfigurationXML would be replaced with a value that was specified by a user via the setup.xml?

0 Karma
Reply

Lowell
Super Champion
‎04-30-2010 10:26 PM

Hmm. I've always accomplished this with OS variables, which your saying will not work for you. I do wish there were a better way to do this... very good question!

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...