Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Question regarding _meta on multi-tenant hosts

dfurtaw
Path Finder
‎12-10-2020 09:12 AM

Hey guys,

 

I had a quick question that I am unable to get an answer for by googling/doc'ing. If I am wanting to tag a server by using /etc/system/local/inputs.conf, am I able to apply this _meta field to various sources as opposed to only sourcetypes?

 

For example, we are needing to give specific tags to each respective log file location on a server. One location, will have _meta = altci::examplea and the other will have _meta = altci::exampleb.

 

It would look like this:

 

[default]

hostname = $decideOnStartUp

 

[F:\logFiles\inetpub\*.log]

_meta = altci:examplea

 

[C:\logFiles\inetpub\*.log]

_meta = altci:exampleb

 

Reason being is a few of our servers are legacy and host numerous sites/apps. Blah. I know it sucks, but it's a few old servers that are pretty important!

 

Thanks!!

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Python 2.7, the last release of Python 2, reached End of Life back on January 1, 2020. As part of our larger ...