Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I read just one file in a app?

approachct
Path Finder
‎07-25-2011 11:21 AM

I want to be able to push down a single application which contains an inputs.conf to monitor files on a Oracle RAC system.

There are three nodes and each system should just read its own file, however the issue is they are on a shared filesystem. Each node is active in this type of cluster. The application would look something like -

 [monitor:///temp/log/abc1/alert_abc1.log]
 ...

 [monitor:///temp/log/abc2/alert_abc2.log]
 ...

 [monitor:///temp/log/abc3/alert_abc3.log]
 ....

Ideally I would want to have a whitelist = specific hostname on each stanza, similar to the syntax in serverclass.conf. It would look something like

 [monitor:///temp/log/abc1/alert_abc1.log]
 whitelist.0 = node1*
 ...

 [monitor:///temp/log/abc2/alert_abc2.log
 whitelist.0 = node2*
 ...

 [monitor:///temp/log/abc3/alert_abc3.log]
 whitelist.0= node3*
 ....

I realize I could push three separate apps, but that will become a maintenance nightmare down the road.

Thanks for any ideas.

Tags (1)
0 Karma
Reply

araitz
Splunk Employee
Splunk Employee
‎07-25-2011 04:51 PM

If it is on a shared filesystem, why not set up one machine to read all three files, or even set up a dedicated forwarder to monitor the shared file system?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...