• indexerbase
  ° Assuming all indexers are configured the same way, this app would contain a standard indexes.conf configuration, an inputs.conf configuration specifying the splunktcp port to listen to connections from Splunk forwarders, and server.conf specifying the address of the Splunk license server.
Let's look through an abbreviated listing of all of the files mentioned:
• For forwarders, we will need these apps:

  ° inputs-web
    local/inputs.conf
        [monitor:///path/to/web/logs/access*.log]
        sourcetype = web_access
        index = web
        [monitor:///path/to/web/logs/error*.log]
        sourcetype = web_error
        index = web

  ° inputs-app
    local/inputs.conf
        [monitor:///path/to/app1/logs/app*.log]
        sourcetype = app1
        index = app
        [monitor:///path/to/app2/logs/app*.log]
        sourcetype = app2
        index = app

  ° inputs-db
    local/inputs.conf
        [monitor:///path/to/db/logs/error*.log]
        sourcetype = db_error

  ° outputs-west
    local/outputs.conf
        [tcpout:west]
        server=spl-idx-west01.foo.com:9997,spl-idx-west02.foo.com:9997
        #autoLB=true is the default setting

  ° outputs-east
    local/outputs.conf
        [tcpout:east]
        server=spl-idx-east01.foo.com:9997,spl-idx-east02.foo.com:9997
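
As an added example (not from the book), a small Python lint over the forwarder apps above flags monitor stanzas that set no sourcetype or index and tcpout servers that are not in host:port form. A monitor input with no index setting sends its events to Splunk's default index, so the inputs-db stanza as listed is reported. The APPS sample is constructed from the listing, and parse_conf and lint are hypothetical helper names.

```python
import re
# Constructed sample: three of the forwarder apps listed above, keyed by path.
APPS = {
    "inputs-web/local/inputs.conf": """
[monitor:///path/to/web/logs/access*.log]
sourcetype = web_access
index = web
""",
    "inputs-db/local/inputs.conf": """
[monitor:///path/to/db/logs/error*.log]
sourcetype = db_error
""",
    "outputs-west/local/outputs.conf": """
[tcpout:west]
server=spl-idx-west01.foo.com:9997,spl-idx-west02.foo.com:9997
#autoLB=true is the default setting
""",
}

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def lint(apps):
    """Return (path, stanza, problem) tuples for the forwarder apps."""
    findings = []
    for path, text in apps.items():
        for stanza, kv in parse_conf(text).items():
            if stanza.startswith("monitor://"):
                findings += [(path, stanza, f"no {k} set")
                             for k in ("sourcetype", "index") if k not in kv]
            elif stanza.startswith("tcpout:"):
                servers = [s.strip() for s in kv.get("server", "").split(",")]
                findings += [(path, stanza, f"bad host:port {s!r}")
                             for s in servers if not re.fullmatch(r"[^:\s]+:\d+", s)]
    return findings

if __name__ == "__main__":
    print(*lint(APPS), sep="\n")
```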