I need to monitor some Oracle Database agent logs with Splunk Universal Forwarder. The base directory for finding the logs is $ORACLE_HOME.
We´re using this configuration to monitor these logs in a Splunk Enterprise environment:
I know we could configure ORACLE_HOME env in splunk-launch.conf on each UF instance.
However, we have already installed all Universal Forwarders and we don´t know the $ORACLE_HOME env variable on the UF hosts.
we have about 300 hosts, so we decided to do the above configuration to save time:
When I execute splunk list monitor its listing all directories under / partition, even if there is one log file per host.
My questions are:
1 - Does Splunk will really look into all directories under /?
2 - If yes, would I have performance problems because the huge amount of directories?