Getting Data In

What is the best way to monitor a random directory?

Crashfry
Path Finder

With a clustered index environment, we have typically used the deployment server for the push mechanism to the universal forwarders etc.

Now on random servers, we want to monitor for specific actions in directories not covered by a previous add-on for, say, the Linux add-on. I want to monitor a random directory — what is the best way to accomplish this?

Is using the add-monitor command individually on those servers the best way to handle this?

Thanks in advance!

0 Karma
1 Solution

richgalloway
SplunkTrust

You shouldn't be allowing anyone, including yourself, to use the CLI to touch your forwarders for that is the path to madness. It's also a potential security hole.

It's better to create a one-off app on the deployment server and push it to the few forwarders that need it. By doing that, you keep all of your configurations in one place (the DS) where they are easier to manage.

---
If this reply helps you, Karma would be appreciated.


Crashfry
Path Finder

Thanks for the response, so you're saying when dealing with these types of items, the easiest way is having a server class for them, create the input needed to monitor "x" and push it out to those for monitoring on that end. I see where that is easier for sure on that end, just a PITA for situations where it's a single log file you want to collect from one or two servers. But I see where you're going with it: one and two servers turns into multiple servers down the line.

0 Karma

richgalloway
SplunkTrust

Yes, that's what I'm saying. When those one or two servers start behaving oddly, you'll appreciate having all of the configs on the DS and not having to sign in to each one to review their .conf files for errors.

---
If this reply helps you, Karma would be appreciated.
0 Karma
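As an added illustration of the approach agreed on above (a one-off app on the deployment server, a server class that whitelists the one or two forwarders, and no CLI changes on the forwarders themselves), the script below builds the app directory and appends the matching server class. It is example code written for this thread, not richgalloway's, Crashfry's or Splunk's own code. The app name `myapp_inputs`, server class `sc_myapp`, hosts `web01`/`web02`, directory `/var/log/myapp`, index `app_logs`, sourcetype `myapp:log` and the `SPLUNK_HOME` default are all constructed values; the stanza keys used (`monitor://`, `index`, `sourcetype`, `disabled`, `whitelist.N`, `restartSplunkd`) are standard inputs.conf and serverclass.conf settings, and `splunk reload deploy-server` is the standard DS reload command.

```shell
#!/bin/sh
# Build a one-off deployment app plus its server class on the deployment
# server (DS). All names and paths here are constructed example values.
set -eu

build_monitor_app() {
    # $1 = deployment-apps directory on the DS, $2 = app name,
    # $3 = directory to monitor, $4 = index, $5 = sourcetype.
    # Prints the app directory it created.
    app_dir="$1/$2"
    mkdir -p "$app_dir/local" "$app_dir/default"
    cat > "$app_dir/default/app.conf" <<EOF
[install]
state = enabled
EOF
    cat > "$app_dir/local/inputs.conf" <<EOF
# Constructed example: monitor one directory (recursively) on the forwarder
[monitor://$3]
index = $4
sourcetype = $5
disabled = 0
EOF
    printf '%s\n' "$app_dir"
}

add_server_class() {
    # $1 = serverclass.conf on the DS, $2 = server class name, $3 = app name,
    # remaining args = hostnames of the forwarders that should get the app.
    # Appends one whitelist entry per host, then maps the app to the class.
    conf="$1"; class="$2"; app="$3"; shift 3
    {
        printf '[serverClass:%s]\n' "$class"
        i=0
        for host in "$@"; do
            printf 'whitelist.%s = %s\n' "$i" "$host"
            i=$((i + 1))
        done
        printf '\n[serverClass:%s:app:%s]\nrestartSplunkd = true\n' "$class" "$app"
    } >> "$conf"
}

reload_ds() {
    # Tell the DS to pick up the new app and server class. Skipped when no
    # Splunk binary is present so the script also runs on a workstation.
    bin="${SPLUNK_HOME:-/opt/splunk}/bin/splunk"
    if [ -x "$bin" ]; then
        "$bin" reload deploy-server
    else
        printf 'no splunk binary at %s, skipping reload\n' "$bin"
    fi
}

demo() {
    # Constructed run against a temp dir standing in for $SPLUNK_HOME/etc.
    etc=$(mktemp -d)
    app=$(build_monitor_app "$etc/deployment-apps" myapp_inputs \
          /var/log/myapp app_logs myapp:log)
    add_server_class "$etc/system/local/serverclass.conf" sc_myapp \
          myapp_inputs web01 web02 2>/dev/null ||
    { mkdir -p "$etc/system/local" &&
      add_server_class "$etc/system/local/serverclass.conf" sc_myapp \
          myapp_inputs web01 web02; }
    printf 'app written to %s\n' "$app"
    cat "$etc/system/local/serverclass.conf"
    reload_ds
}

demo
```

Because everything the forwarder will run lives under `deployment-apps` on the DS, the directory can sit in version control and be diffed in review before `reload_ds` pushes it; a forwarder that later misbehaves is debugged by reading that one app, not by logging in to it.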

Crashfry
Path Finder

I appreciate the thoughts and help - have already made the changes and agree this will be a lot easier to manage. So thank you!

0 Karma