Would like to have the hosts/sources tagged as they are implemented into the system rather than have to go through after the fact and select the specific hosts and then tag them at that time.
I am wondering if anyone has written any scripting into Splunk that identifies a source from a lookup file or something similar and then populates the correct .conf file necessary.
Thanks in advance
Answered -
Generally, I would recommend using lookup tables (which operate on CSV files, which can be easily generated) rather than tags for something like this.
Question - How would we implement the above answer? I am not sure what they are referring to using lookup tables as opposed to tagging?
Thanks again
... View more