今天修改app 的監控檔案路徑:
1: 因為要建立新的index:in_jiangsu.
是以,我就登入了CM :cluster mastering server:
/opt/splunk/etc/master-apps/app_name/default/indexes.conf
把index: in_jiangsu 加進去:
[in_jiangsu]
homePath = $SPLUNK_DB/in_jiangsu_db/db
coldPath = $SPLUNK_DB/in_jiangsu_db/colddb
thawedPath = $SPLUNK_DB/in_jiangsu_db/thaweddb
frozenTimePeriodInSecs = 31536000
2: 然後重新開機這個boundle 才能使這個new index 生效:
Splunk apply cluster-bundle
3: 登入到indexer 的console 就可以看到生效啦:
4: 登入到ds01 : deployment server: 進入相關的app:
/opt/splunk/etc/deployment-apps/jiabao/default
sh-4.4$ cat inputs.conf
[monitor:///jiangsu]
index = in_jiangsu
disabled = false
ignoreOlderThan = 1d
followTail = 0
5: 使deployment server 上的這個配置生效:splunk reload deploy-server
當然必須是: splunk list deploy-client :
[[email protected] default]# splunk list deploy-client
Deployment Client is enabled.
而上面這個deployment client enable 的條件是: /opt/splunk/etc/system/local/下面:
[[email protected] local]# cat deploymentclient.conf
[deployment-client]
disabled = false
phoneHomeIntervalInSecs = 60
[target-broker:deploymentServer]
targetUri = 172.18.0.6:8089
然後再去client: fd01 :上去看: /opt/splunk/apps/jiabao/defalt,
發現:原來的inputs.conf/ outputs.conf 都沒有了,把deployment server 上面對應剛才app: jiabao 下面的配置已經發送到了client: fd01 上面了。
6: 好,下面去deployment client 下面看 要監控的folder: /jiangsu
Splunk list monitor
Create 一些檔案後,就可以去search head 下面查詢啦~
![Splunk Add-on 碰到證書SSL問題[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)