Configuring the Splunk Forwarder - Ironstream_Hub - 1.3.2

Ironstream Hub Administration

First publish date: 2022

Refer to the Splunk documentation to install the forwarder software on the Splunk forwarding server and connect it to the server/indexer. After the forwarder is installed, follow these steps to add Hub to the list of sources for the forwarder:

  1. Edit the inputs.conf file in this directory:
    • On Linux: /Splunk installation directory/etc/system/local/

    • On Windows: \Splunk installation directory\etc\system\local\

    Create a new inputs.conf file in this directory if it does not already exist.

  2. Add these five lines to the end of the inputs.conf file and save the file.
    • On Linux:
      [monitor:///<install location>/log/<hostname>\.<type of file>\.(.+)\.log]
      host_regex = <hostname>\.<type of file>\.(.+)\.log
      index = <desired index>
      sourcetype = _json
      disabled = false
      
    • On Windows:
      [monitor://<install location>\log\<hostname>\.<type of file>\.(.+)\.log]
      host_regex = <hostname>\.<type of file>\.(.+)\.log
      index = <desired index>
      sourcetype = _json
      disabled = false
      

    If the installation path was changed during the installation, modify the first line to reference the new path.

  3. Change the index value to a site-defined index name.
  4. Restart the Splunk forwarder.
    • On Linux: Splunk installation directory/bin/splunk restart

    • On Windows: Restart the Splunk Forwarder service “splunkd” from the Windows Services utility.
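Before restarting the forwarder, it is worth checking which host value the host_regex from step 2 will produce, because Splunk assigns the first capture group of host_regex to the host field of each event. The script below is an added example, not part of the Ironstream Hub or Splunk documentation; the install directory, hostname, file type, index name and file names are constructed sample values, and it assumes Python's re module treats this simple pattern the same way as Splunk's regex engine.

```python
import re

def build_host_regex(hub_hostname, file_type):
    """Fill in the page's host_regex template, escaping the literal parts."""
    return rf"{re.escape(hub_hostname)}\.{re.escape(file_type)}\.(.+)\.log"

def extract_host(host_regex, path):
    """Return the first capture group, which Splunk assigns to host, or None."""
    m = re.search(host_regex, path)
    return m.group(1) if m else None

def render_stanza(install_dir, hub_hostname, file_type, index):
    """Render the five Linux inputs.conf lines from step 2."""
    rx = build_host_regex(hub_hostname, file_type)
    return "\n".join([
        f"[monitor://{install_dir}/log/{rx}]",
        f"host_regex = {rx}",
        f"index = {index}",
        "sourcetype = _json",
        "disabled = false",
    ])

# Constructed sample values; none of them come from the product.
INSTALL_DIR = "/opt/ironstream-hub"
HUB_HOSTNAME = "hub01.example.com"
FILE_TYPE = "data"
SAMPLE_FILES = [
    "hub01.example.com.data.SYSA.log",       # expected host: SYSA
    "hub01.example.com.data.SYSB.2022.log",  # greedy (.+): SYSB.2022
    "hub01Xexample.com.data.SYSA.log",       # different name, must not match
    "hub01.example.com.audit.SYSA.log",      # different file type, must not match
]

def check_samples():
    """Map each sample file name to the host value it would get (None = no match)."""
    rx = build_host_regex(HUB_HOSTNAME, FILE_TYPE)
    return {name: extract_host(rx, f"{INSTALL_DIR}/log/{name}") for name in SAMPLE_FILES}

if __name__ == "__main__":
    # "ironstream_hub" is a placeholder for the site-defined index name.
    print(render_stanza(INSTALL_DIR, HUB_HOSTNAME, FILE_TYPE, "ironstream_hub"))
    for name, host in check_samples().items():
        print(f"{name!r:45} -> host={host!r}")
```

If the dots inside a fully qualified hostname are left unescaped, they match any character, so the third sample file would be accepted and its events tagged with host SYSA.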