All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Assign hosts a category/group automatically

springworks
Engager
‎05-30-2014 06:58 AM

Hi!

I have just installed the unix app on some hosts and it seems to be report data as it should.

My issue now is how I group my different hosts in an automatic way. I have a VPC in Amazon Web Services with quite a lot of instances that I want to group by. Many of them are in auto-scaling groups which means new instances can be started at any time.

What I'm looking for is a way to specify on each host what group or category they belong. Maybe set in a config file or with a splunk command, doesn't matter.

Appreciate any help!

Thanks

Reply

araitz
Splunk Employee
Splunk Employee
‎06-04-2014 03:08 PM

Per http://docs.splunk.com/Documentation/UnixApp/latest/User/First-timeconfiguration#Settings:_Categorie...

Use the Settings: Categories page to
add host categories and groups. When
you make these changes, the Splunk App
for Unix and Linux writes them to
$SPLUNK_HOME/etc/apps/SA-nix/lookups/dropdowns.csv.

As such, you can just have your script populate this file directly, maintaining the same column names, column order, etc.

0 Karma
Reply

springworks
Engager
‎06-02-2014 11:47 PM

I already have information on every host to group them by, like hostname. But if that wont suffice, I want to add some tag or something similar in a config that will result in hosts assigning to the correct groups automatically. Not sure if those links you provided @somesoni2 will do that..? Thanks

0 Karma
Reply

somesoni2
Revered Legend
‎05-30-2014 07:13 AM

I believe you may utilize splunk event type/tags for the same, provided you have some common element to group the hosts (name patterns etc).

http://docs.splunk.com/Documentation/Splunk/6.1/Knowledge/defineeventtypes
http://docs.splunk.com/Documentation/Splunk/6.1/Knowledge/TagandaliasfieldvaluesinSplunkWeb

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...