Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to use env variables usage in inputs.conf?

damucka
Builder
‎04-16-2019 01:58 AM

Hello,

I would like to use the Unix/Windows env variables in my inputs.conf, e.g. like below:

...
### App server
# 1) dev_*
[monitor:///usr/sap/$SAPSYSTEMNAME/$INSTANCE/work/dev_*]
index=mlbso
disabled=false
interval=15
sourcetype=$SAPSYSTEMNAME_abaptraces
blacklist = dev_icf
...

So, for the above I think that the monitor path definition with the $SAPSYSTEMNAME and $INSTANCE should be fine, but I also want to put it into a system-dependent sourcetype, here ($SAPSYSTEMNAME)_abaptraces and because of the concatenation I guess it will not be properly recognized.
How would I do this correct to get it into my ABC_abaptraces sourcetype?

Kind Regards,
Kamil

0 Karma
Reply

jeffland
SplunkTrust
SplunkTrust
‎04-16-2019 05:58 AM

I don't think there's a way to do what you're trying to do in splunk .conf files. I would question your use case though: a sourcetype usually shouldn't contain a variable. Most knowledge objects are tied to sourcetype, so it should be a fixed value. Why do you need a sourcetype per host, what is the goal here? You already have the field host to distinguish your hosts. The idea behind a sourcetype is that is independent of host and source.

On a side note, if you haven't encountered it yet, you might want to check out splunk-launch.conf for setting custom variables, though that's not going to help you in this case.

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...