Nice video. I'm guessing we would then modify the Index.conf file to periodically run a script that updates the monitored file? If I were to update the index.conf file to run a script, would there be a way to make that a part of my App so that I can easily deploy it to other heavy forwarders?
I'm not sure exactly what you want to do, but you would modify the inputs.conf not the indexes.conf file to change the monitored file. And yes you could make the script and the .conf part of an app and push it to other splunk devices like your heavy forwarder. Typically monitoring files is done by a Universal Fowarder not a heavy forwarder, but there are always exceptions such as api calls.
Nice video. I'm guessing we would then modify the Index.conf file to periodically run a script that updates the monitored file?
If I were to update the index.conf file to run a script, would there be a way to make that a part of my App so that I can easily deploy it to other heavy forwarders?
I'm not sure exactly what you want to do, but you would modify the inputs.conf not the indexes.conf file to change the monitored file. And yes you could make the script and the .conf part of an app and push it to other splunk devices like your heavy forwarder. Typically monitoring files is done by a Universal Fowarder not a heavy forwarder, but there are always exceptions such as api calls.
Hey there! been looking for your email. cant seem to find it anywhere. mind lending me a virtual hand lol
Lamecreativeworks@gmail.com