All Apps and Add-ons

Oracle RAC Clustering : Monitoring oracle audit logs

New Member

We have 4 node cluster with Oracle RAC. The audit logs are stored on OCFS2 clustered file system.
Want to import these audit logs in splunk.

If I configure splunk on 4 nodes these files get imported multiple times.

Do splunk have any kind of best practice guide or cluster solution ?

0 Karma

Engager

In inputs.conf on each node specify the alert log for just the instance on that node.
node-n:[monitor://{directoryforalertlog}/alert{SID}n.log]