A previous splunk admin had some daily search reports in PDF format coming from the splunk server (version 6.6.4 running on Windows 2012) being sent to a remote NFS file share on a Linux file server.
The NFS file share was moved to a different host, which broke sending the daily reports.
Fixing it should be easy - just edit the script that's sending the reports to the NFS share and point to the new host, but I'm pretty new to splunk and can't figure out where such a configuration might be.
Where would the normal location be for such a script to reside? Or, how would that be configured within the Splunk GUI console?
Thanks in advance
Oh, I finally figured it out. The previous admin had configured scripts on the remote share to pull the reports from the Splunk server - the Splunk server wasn't pushing the reports to the NFS share.
Thank you to richgalloway for the response
Oh, I finally figured it out. The previous admin had configured scripts on the remote share to pull the reports from the Splunk server - the Splunk server wasn't pushing the reports to the NFS share.
Thank you to richgalloway for the response
Go to Settings->Searches, reports, and alerts and look for the report name. Edit the report query to see where the results are saved. Create a new NFS mount point at that location.
I don't see any field where you enter an NFS mount. Do you specify a destination where you want the report to go at the end of the query string (as I've seen mentioned in some other related posts?)
Because this splunk server is running on Windows and doesn't have a native NFS client, does the splunk application handle the NFS communication?