Hello, I am test driving Splunk Storm and I am very new to the ecosystem. Here is what I am trying to do:
I have web_host, magnet_host, db_host as kinds of machines.
I have prod_tiny, prod_small, prod_large for environments.
I would like to do something like this:
# Set some search criteria
[monitor]
chef_environment=dev
role=magnet_host

# Grab syslog to let us know when OOM becomes active
[monitor:///var/log/syslog]

# Grab all our application logs
[monitor:///var/log/feedmagnet/]
so that the input from this magnet_host is indexed so I can search on just that while it is also indexed on the environment "dev" so I can also search that way as well.
My goal is to say
"see if this error is common to webservers across all environments"
"see if I am getting any errors in prod_tiny with the release b/f I release to prod_small"
and so on.
Thanks for your time in answering my obviously noob question!
Boyd