|
Generally, when I want to add a logfile monitor to a Splunk lightfowarder, I add "monitor" stanzas to the $SPLUNK_HOME/etc/system/local/inputs.conf file, then restart the lightforwarder. Recently I wanted to add a number of new monitors using a script, so I thought it would be easiest to use the CLI command: $SPLUNK_HOME/bin splunk add monitor logfile_path I was surprised to see that "monitor" stanzas were not added to inputs.conf. This happens (or doesn't, as the case may be) on Linux and Windows lightforwarders. The monitor does list though when running: $SPLUNK_HOME/bin splunk list monitor Is this intentional? If so, why? Where does it hold it's monitor information if not in the conf file? It is a problem for me as often use the conf file as a reference for what is being monitored. |
|
Since 4.0, Splunk CLI commands add some configurations to the default app context, which is the You can specify a different app in these cases with a Othewise, the configuration is stored in http://www.splunk.com/base/Documentation/latest/admin/Aboutconfigurationfiles http://www.splunk.com/base/Documentation/latest/Admin/Whatsanapp You can use btool to check all instances of a configuration file and its contents. To list out the contents of all your inputs.conf files, use: ./splunk cmd btool inputs list
(09 Apr '10, 05:35)
the_wolverine ♦
|