Monitoring Splunk

Is there a way for Splunk to understand app-specific variables so that the variables are usable in inputs.conf?

Nicholas_Key
Splunk Employee

I'm currently working with inputs.conf and would like to have the stanzas recognize the values that are assigned to the keys in the configuration page (setup.xml).

An example would be

[monitor://WAS_installation_path\profiles\WAS_profile_name\config\cells\WAS_cell_name\*.xml]
sourcetype = WebSphere:CellConfigurationXML
disabled = 0

Please bear in mind that I'm not using the operating system's environment variables but app-specific variables that are defined in the setup.xml

Is there a mechanism to achieve such a task?

jrodman
Splunk Employee

Given that Lowell's understanding of the question is accurate, there's no specific support for doing this.

Options:

  • Parse the string and rewrite components.
  • Construct an inputs.conf or inputs.conf fragment as part of the install
  • Allow those path segments to be wildcards
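
The second option above (construct an inputs.conf fragment as part of the install), sketched as an added example that is not part of the original thread or Splunk's own code. It assumes the values entered through setup.xml are available as a dict; `render_inputs`, the sample values and the validation rules are hypothetical. Each value is checked before substitution so that a stray `]`, newline or wildcard cannot alter the stanza or widen what gets monitored.

```python
import re

# Placeholder names taken from the stanza in the question.
PLACEHOLDERS = ("WAS_installation_path", "WAS_profile_name", "WAS_cell_name")
TEMPLATE = (
    "[monitor://WAS_installation_path\\profiles\\WAS_profile_name"
    "\\config\\cells\\WAS_cell_name\\*.xml]\n"
    "sourcetype = WebSphere:CellConfigurationXML\n"
    "disabled = 0\n"
)

# One path segment: no separators, wildcards, brackets or control characters.
_SEGMENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]*")
# Absolute Windows path built only from such segments, e.g. C:\IBM\WebSphere.
_INSTALL = re.compile(r"[A-Za-z]:(?:\\[A-Za-z0-9][A-Za-z0-9 ._-]*)+")
_TOKEN = re.compile("|".join(PLACEHOLDERS))


def render_inputs(values):
    """Return the inputs.conf fragment with validated values substituted."""
    checked = {}
    for name in PLACEHOLDERS:
        value = values[name]
        pattern = _INSTALL if name == "WAS_installation_path" else _SEGMENT
        # fullmatch (not match/$) so a trailing newline is rejected too;
        # ".." covers parent traversal and the "..." recursive wildcard.
        if ".." in value or not pattern.fullmatch(value):
            raise ValueError(f"unsafe value for {name}: {value!r}")
        checked[name] = value
    # Single pass, so a value that happens to contain another placeholder
    # name is not substituted a second time.
    return _TOKEN.sub(lambda m: checked[m.group(0)], TEMPLATE)


# Constructed sample values, standing in for what a user typed into setup.
SAMPLE = {
    "WAS_installation_path": "C:\\IBM\\WebSphere\\AppServer",
    "WAS_profile_name": "AppSrv01",
    "WAS_cell_name": "Node01Cell",
}

if __name__ == "__main__":
    print(render_inputs(SAMPLE))
```
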

Lowell
Super Champion

I'm guessing that WAS_installation_path, WAS_profile_name and WAS_cell_name are variables that Nicholas is trying to have replaced. Nicholas, care to jump in here?

0 Karma

jrodman
Splunk Employee

The goal here is to have the setup.xml control the sourcetype assigned in inputs.conf. I'm not sure exactly why though. Manager can modify the sourcetype for an input, so it seems to me you'd want to have the setup.xml somehow make use of the same endpoints, if possible.

0 Karma

gkanapathy
Splunk Employee

I don't understand. Can you clarify? In your example, do you mean that WebSphere:CellConfigurationXML would be replaced with a value that was specified by a user via the setup.xml?

0 Karma

Lowell
Super Champion

Hmm. I've always accomplished this with OS variables, which you're saying will not work for you. I do wish there were a better way to do this... very good question!

0 Karma