I followed the instructions at this page to integrate universal forwarder data in S.o.S.
It works great. I see resource usage and lots of good data. However I can't see the forwarder's config files in the S.o.S Config viewer. Any way to get that part working?
Not at this time. The configuration file viewer of the S.o.S app relies on a custom search command (btool.py
) and therefore on distributed search to layer and read configuration. Forwarders not being search peers, the app doesn't have on-demand access to their configuration.
We are, however, looking at ways to expose at least the major configuration files found on forwarders by means of new inputs to the S.o.S technology add-on.
Not at this time. The configuration file viewer of the S.o.S app relies on a custom search command (btool.py
) and therefore on distributed search to layer and read configuration. Forwarders not being search peers, the app doesn't have on-demand access to their configuration.
We are, however, looking at ways to expose at least the major configuration files found on forwarders by means of new inputs to the S.o.S technology add-on.
Unfortunately, we haven't got around to implement this yet. We also haven't seen enough demand for it to justify the considerable effort it would take to satisfy this requirement.
Fast forward to 2014..
Is it possible now to view conf files of forwarders by installing the sos add-on to the splunk forwarders?
@micwhite : Yes, it would. The same applies to search-heads which are not search-peers of each other.
Would this also apply to other search heads that are not part of search head pooling? We have several stand-alone search heads deployed for use by different teams. I'm not able to view their config files either.
I wholeheartedly agree!
Thanks. Would be a great feature for distributed deployments.