Hi there. I have used previous versions of ES, and am familiar with importing a CSV of my identities and assets. I just installed 6.0 (clean, not upgrade), and loaded the assets and identities from CSV files. Everything works as expected, just like previous versions, and Asset Center shows all my machines correctly. However, every search now returns an error: "The 'asset_lookup_by_cidr' KV Store lookup table is empty or has not yet been replicated to the search peer". The documentation for ES does not seem to be updated for the new KV store lookups, or if it has, I cannot locate the search to populate the KV from my "standard" assets file. Probably a simple fix. Anyone know the generating search?
Hello all. I have a bunch of *nix machines which all mount the same shared file server location to write their logs (/mnt/logs for example). For various (mostly political) reasons, it will be very difficult for me to run a UF on the back-end fileserver, so I need to run a forwarder on each server, and only grab the logs for that one server. All the machines have a directory under the common share which matches the hostname of the machine (/mnt/logs/shorthostname). I could, of course, script the creation of inputs.conf on every machine, but it would be difficult to manage - I don't see how I could push a new inputs.conf from the DS.
1.) Is there any way to use a variable inside a monitor stanza that will contain the short hostname?
2.) Is there something similar to host_segment that I could use to set the sourcetype from the log path?