All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Stream App - Limit the protocols being indexed from the forwarder/server, not the search head

helius
Path Finder
‎02-19-2015 07:44 AM

Howdy,

I want to monitor NFS wire data using the stream app. Right now, I can enable NFS on the search head and it does obtain NFS for that specific server, as well as every other server I use NFS on. I don't want this. I want to limit what servers actually send their NFS, FTP, and whatever else to the indexers. I'm seeing this may be possible in the streamfwd.xml, but I'm not comprehending the documentation for that file properly as everything I try is not working. There are not enough examples in the documentation....

Can someone point me to the right configuration to use? I wonder is the inputs.conf can be used here...

Edit: I'm wondering now if it's actually a matter of disabling everything but what I want on all hosts in the network that use the stream app. I can puppetize this, but I'll wait to hear back from someone here about how best to achieve this.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mdickey_splunk
Splunk Employee
Splunk Employee
‎02-19-2015 12:42 PM

It is not currently possible to change the protocols captured by specific servers (other than perhaps installing a separate instance of App for Stream and pointing the inputs.conf parameter to it). This is is a commonly requested feature, and high on our roadmap.

View solution in original post

Reply
Solved! Jump to solution
Solution

mdickey_splunk
Splunk Employee
Splunk Employee
‎02-19-2015 12:42 PM

It is not currently possible to change the protocols captured by specific servers (other than perhaps installing a separate instance of App for Stream and pointing the inputs.conf parameter to it). This is is a commonly requested feature, and high on our roadmap.

Reply
Solved! Jump to solution

helius
Path Finder
‎02-19-2015 12:54 PM

Good to know. When would your estimate be on the release of this feature? Maybe this year? Next?

0 Karma
Reply
Solved! Jump to solution

csharp_splunk
Splunk Employee
Splunk Employee
‎02-21-2015 04:24 PM

We can't ever commit to anything, but it's slated for our next release.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...