Hi Everyone,
i am having problems configuring a splunk app, here are the instructions.
Configure a 'Light Weight Forwarder' on the Nagios server
cd $SPLUNK_HOME/bin (eg. cd /opt/splunk/bin)
./splunk add monitor $NAGIOS_HOME/var/nagios.log -sourcetype nagios -hostname hostname.com
Remember to replace $NAGIOS_HOME with the relevant directory (eg. /opt/nagios)
edit $SPLUNK_HOME/etc/apps/search/local/inputs.conf on the Nagios server and add the following key/value pair:
index = nagios
restart the Splunk LWF agent.
THe problem comes when i try to update the inputs.conf file, the folder this is stored in is owned by ROOT. i have tried Sudo Nano /local/inputs.conf to try and get around not being able to access the folder but nothing i do works.
how do i change this???
the linux box is running a version of Ubuntu Server, and the splunk software has just been installed and configured to run as a Light weight Forwarder.
thanks
Kris
... View more