I want to update the apps from my main server called A to client B without installing the apps and then install the apps from B to C.
Server A : Linux -- Main Indexer server on 4.2.3 with serverclass.conf / send apps to B
Server B : Linux -- SplunkForwarder (Forward to A and receive from C)/ receive apps from A /
send apps to C
Machine C : Windows -- SplunkUniversal Forwarder (Forwarder to B)
The apps from Server A to B it's ok. But I want to update apps which have to be installed on Machine C. Therefore I want to send the apps to Server B in etc/deployed-apps and then add a serverclass.conf to install the apps to the Windows machine. But it seems when I configured to send the Windows apps from A -> B, adding the new targetlocation etc/deployed-apps it tried to install the apps on the Linux machine! Is there a way to just push the windows apps from A - > B without install and then install it from B to C?
Many thanks for your support
... View more
I'm trying to find a way to catch the number 0018F3D97D02BBA0517E001A&0 which before the last backslash.
I put an extract of the line I want to a reg on it.
Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_Kingston&Prod_DT_R500&Rev_PMAP\0018F3D97D02BBA0517E001A&0
The reg command I used is the following:
| rex field=_raw "USBSTOR.*_(?<USBID>......?)"|
I just want to extract all data after the last backslash.
... View more