How to use env variables usage in inputs.conf?

damucka · ‎04-16-2019

Hello,

I would like to use the Unix/Windows env variables in my inputs.conf, e.g. like below:

...
### App server
# 1) dev_*
[monitor:///usr/sap/$SAPSYSTEMNAME/$INSTANCE/work/dev_*]
index=mlbso
disabled=false
interval=15
sourcetype=$SAPSYSTEMNAME_abaptraces
blacklist = dev_icf
...

So, for the above I think that the monitor path definition with the $SAPSYSTEMNAME and $INSTANCE should be fine, but I also want to put it into a system-dependent sourcetype, here ($SAPSYSTEMNAME)_abaptraces and because of the concatenation I guess it will not be properly recognized.
How would I do this correct to get it into my ABC_abaptraces sourcetype?

Kind Regards,
Kamil

jeffland · ‎04-16-2019

I don't think there's a way to do what you're trying to do in splunk .conf files. I would question your use case though: a sourcetype usually shouldn't contain a variable. Most knowledge objects are tied to sourcetype, so it should be a fixed value. Why do you need a sourcetype per host, what is the goal here? You already have the field host to distinguish your hosts. The idea behind a sourcetype is that is independent of host and source.

On a side note, if you haven't encountered it yet, you might want to check out splunk-launch.conf for setting custom variables, though that's not going to help you in this case.

How to use env variables usage in inputs.conf?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!