is there any way to put the value within quote? so that we don't need to update the field extraction if we add or remove field that we want to get.
... View more
Hi All,
We planned to install the SPLUNK4JMX in the universal forwarder so that it runs the app in the local machine of the universal forwarder (UF) and sends the data to the indexer. The reason for this is our JVM is using Java 1.6.0 JDK and we don't want to open the ephemeral port range in firewall for sending the data.
So far we done:
Deployed to UF these folder/files as mention in this Question (https://answers.splunk.com/answers/91051/splunk4jmx-universalforwarder-installation.html
):
SplunkUniversalForwarder/etc/apps/SPLUNK4JMX/bin/*
SplunkUniversalForwarder/etc/apps/SPLUNK4JMX/default/inputs.conf
SplunkUniversalForwarder/etc/apps/SPLUNK4JMX/default/app.conf
SplunkUniversalForwarder/etc/apps/SPLUNK4JMX/logs
SplunkUniversalForwarder/etc/apps/SPLUNK4JMX/local
We set the config.xml to run on host=localhost and rmi port that was set in the JVM.
Currently there isn't any data received in the index, and we are not sure what needs to be put in inputs.conf or if is there are other things that need to be configured for this to work.
UF we use is version 6.4.2
Thanks
https://answers.splunk.com/answers/91051/splunk4jmx-universalforwarder-installation.html
... View more
Hi Iguinn,
thank you for the answer and recommendation. Currently we are monitoring Perfmon and Wineventlog
the reason for us trying to increase the queue is to ensure that we can still get the data for certain duration if the indexer is down. And currently the option for high availability is not viable because of resource constraint. Thanks
regards,
Alvin
... View more
We are trying to increase the size of exec queue since we check that for Perfmon and Wineventlog, it stores the queue there. We don't want to increase the parsingQueue since there are other data that we are forwarding.
I try to set in server.conf:
[queue=exec]
maxSize = 10MB
However, when we monitored the metric.log, the max_size_kb is still 500KB as it original were.
The Forwarder we use is Universal Forwarder 6.4.1
Thanks
... View more