Hello
In parallel to understanding persistence for MongoDB indexes I tried to install the MongoDB app on my splunk 6.2 (enterprise).
The version 104 seems to have a problem (comes as a .zip
and does not to install as it, or as a .tar.gz
or .tgz
(which it really is) -- I opened a ticket on that), so I tried version 103 which installed fine.
I do not have the "Virtual Indexes" entry in "Settings", though.
So I tried to directly edit /opt/splunk/etc/apps/MongoDBApp/default/indexes.conf
, according to the doc:
(no changes above that line)
vix.mongodb.host = mongodb.mydomain:27017
[mongodb_vix]
vix.provider = local-mongodb
vix.mongodb.db = ssh
vix.mongodb.collection = ssh
vix.mongodb.field.time = _id
vix.mongodb.field.time.format = ObjectId
There is no authentication, the database is ssh
and the collection within that database is also called ssh
.
After restarting splunk I do not get any data when doing a search on index=mongodb_vix
.
Is there a way to debug the connection? The setup is quite straightforward so I would really appreciate some hints on where to look for issues.
Thank you!
You need to install the Hunk Application instead of Splunk to have the Virtual Indexes: http://www.splunk.com/download/hunk