We installed Splunk universal forwarder in mongodb host and started getting logs in Splunk. Can you please let us know how to assign the sourcetype to extract fields for "MongoDB Monitoring" app required format. Also please tell us how to assign specific index for this app, because we are sending all mongod.log to one common index.
Not sure if you need much more than this, but the documentation for the app is on git hub. It says that extractions are based on the mongod sourcetype. And by default, the dashboards search for events in the mongodb index. But you can put them in any index you want and just update the search macros accordingly.
https://github.com/jruaux/mongodb-monitoring#mongodb-logs
Does that help?
Not sure if you need much more than this, but the documentation for the app is on git hub. It says that extractions are based on the mongod sourcetype. And by default, the dashboards search for events in the mongodb index. But you can put them in any index you want and just update the search macros accordingly.
https://github.com/jruaux/mongodb-monitoring#mongodb-logs
Does that help?