Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is there any way to pass more metadata to the deployment server from universal forwarders?

jbresciani
New Member
‎09-03-2015 11:30 PM

Is there any way to pass more metadata to a deployment server from universal forwarders? I'm thinking either key/value pairs via conf files or something more dynamic like passing facter or ohai information.

0 Karma
Reply

lguinn2
Legend
‎09-04-2015 01:24 PM

Universal forwarders do not pass information to the deployment server - they poll and download information from the deployment server.

When the UF polls the deployment server, it supplies only its identifying information (GUID, etc) and maybe the hashes for its apps. (I am not exactly sure whether the client or the server does the hash comparison.) You cannot customize the info that the UF supplies to the deployment server.

You can put anything that you want in the apps that the UF downloads from the deployment server. The apps must follow the structure for regular Splunk apps.

Bottom line is "no." I don't believe that there is any way to do this.

Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

New This Month - Observability Updates Give Extended Visibility and Improve User ...

This month is a collection of special news! From Magic Quadrant updates to AppDynamics integrations to ...

Intro to Splunk Synthetic Monitoring

In our last post, we mentioned that the 3 key pieces of observability – metrics, logs, and traces – provide ...