Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Conditionally 'activate' inputs?

briguy
Engager
‎08-19-2011 11:01 AM

Hi all - I'm looking for some advice on managing different combinations of inputs based on server type. For example, some files I want to index on a web server might not exist on a database server. Or, I want to index web logs from a subset of our web servers.

Right now I've addressed this issue using the deployment server, serverClass.conf, and 'applications'. I'm creating a separate application for each item I want to index, then assigning that application to each server as necessary via whitelists/blacklists. As my inputs grow this is becoming a management headache. I'd prefer to maintain a single inputs.conf file and have the forwarder determine which inputs to activate, rather than defining this logic in serverClass.conf and creating all these extra applications. Is this possible? How else could I create these different combinations of inputs?

Thanks!

Tags (3)
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎08-21-2011 08:45 PM

The recommended way to do this would be what you're already doing, defining server classes and specifying which input apps apply to each server class. I'm not really sure that the logic or management would be any different, since somehow you have to (a) divide the forwarders into various "classes" and (b) define which inputs run on each class. This is done by using different inputs.conf files in different apps. Using something else like puppet or chef or cfengine might be preferable, but having separate files for each independently configurable item is for now the recommended approach.

Reply

balaa
Engager
‎03-22-2012 04:17 AM

Is this still the best approach?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...