Of course, keep in mind I'm not all that familiar with Splunk config. This Splunk infrastructure was passed down to me.
I installed the PureStorage app and the TA. They were installed on an indexer and a heavy forwarder. Our infrastructure consists of 6 indexers, 6 search heads, 1 cluster master, 1 deployment server, and 2 heavy forwarders. To answer your inputs question, how do I look that up? Is it under the installed app (inputs.conf)? Where do I look for issues in the logs? Is it the ones in splunkhome/var?
And, yes... I can see the data on the appliances, and Splunk would just feed off of that, I suppose.
The app should be installed on all search heads. Install the TA on both heavy forwarders.
Inputs will be defined in the TA under $SPLUNK_HOME/etc/apps/<app-name>/default/inputs.conf and $SPLUNK_HOME/etc/apps/<app-name>/local/inputs.conf. You may also find it in the HF's UI under Settings->Data inputs.
The best way to look at the logs is by using Splunk. Search for
index=_internal source="*splunkd.log"
Have you seen the Inherited Deployments manual at https://docs.splunk.com/Documentation/Splunk/7.3.0/InheritedDeployment/Introduction ?
Thanks for the information.
This is what I'm getting from the logs:
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/PureStorage-TA/bin/PureStorage_rest.py" /opt/splunk/etc/apps/PureStorage-TA/bin/requests/packages/urllib3/connectionpool.py:768: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
How do I go about fixing this?
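
As an added example (not from the thread and not part of the PureStorage TA), the Python script below scans splunkd.log text for ExecProcessor lines like the one quoted above and reports which app's scripted input is making HTTPS requests without certificate verification. The sample log lines are constructed, with the warning lines modeled on the error in the thread; `find_unverified_https` and the `example_ta` app are hypothetical names.

```python
import re

# Constructed sample in splunkd.log style. The two warning lines are modeled
# on the error quoted in the thread; example_ta is a hypothetical app.
SAMPLE_LOG = '''\
07-10-2019 10:15:02.123 -0400 INFO  ExecProcessor - New scheduled exec process: python /opt/splunk/etc/apps/PureStorage-TA/bin/PureStorage_rest.py
07-10-2019 10:15:03.456 -0400 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/PureStorage-TA/bin/PureStorage_rest.py" /opt/splunk/etc/apps/PureStorage-TA/bin/requests/packages/urllib3/connectionpool.py:768: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised.
07-10-2019 10:20:03.470 -0400 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/PureStorage-TA/bin/PureStorage_rest.py" /opt/splunk/etc/apps/PureStorage-TA/bin/requests/packages/urllib3/connectionpool.py:768: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised.
07-10-2019 10:21:00.001 -0400 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/example_ta/bin/poll.py" Traceback (most recent call last):
'''

# timestamp (three tokens), level, then the scripted-input command and its output
LINE_RE = re.compile(
    r'^(?P<ts>\S+ \S+ \S+) (?P<level>\w+)\s+ExecProcessor - message from '
    r'"(?P<cmd>[^"]+)" (?P<msg>.*)$'
)
# app name and script path taken from the command that ExecProcessor ran
APP_RE = re.compile(r'/etc/apps/(?P<app>[^/]+)/bin/(?P<script>\S+)')


def find_unverified_https(log_text):
    """Map (app, script) to count/first_seen/last_seen of InsecureRequestWarning."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or "InsecureRequestWarning" not in m["msg"]:
            continue  # not scripted-input output, or a different message
        loc = APP_RE.search(m["cmd"])
        key = (loc["app"], loc["script"]) if loc else ("unknown", m["cmd"])
        entry = hits.setdefault(
            key, {"count": 0, "first_seen": m["ts"], "last_seen": m["ts"]}
        )
        entry["count"] += 1
        entry["last_seen"] = m["ts"]
    return hits


if __name__ == "__main__":
    for (app, script), info in find_unverified_https(SAMPLE_LOG).items():
        print(f"{app}/{script}: {info['count']} unverified HTTPS warnings, "
              f"{info['first_seen']} to {info['last_seen']}")
```

Each script it reports is an input whose TLS connection to its data source is not authenticated, so those are the ones to review for a CA bundle or certificate verification setting.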