Configuring the Splunk Forwarder - ironstream_for_elastic - ironstream_for_kafka - ironstream_for_splunk - 7.4

Ironstream for Splunk®/Kafka®/Elastic® for IBM i Ironstream Integration Components Administration

Product type
Software
Portfolio
Integrate
Product family
Ironstream
Product
Ironstream > Ironstream for Splunk®
Ironstream > Ironstream for Kafka®
Ironstream > Ironstream for Elastic®
Version
7.4
Language
English
Product name
Ironstream Splunk®/Kafka®/Elastic®
Title
Ironstream for Splunk®/Kafka®/Elastic® for IBM i Ironstream Integration Components Administration
Copyright
2022
First publish date
2007
Last updated
2023-08-25
Published on
2023-08-28T08:26:48.055356

See the Splunk documentation to install the forwarder software on the Splunk forwarding server and connect it to the server/indexer. After the forwarder is installed, follow these steps to add the Ironstream Proxy Server to the list of sources for the forwarder:

  1. Edit the inputs.conf file in this directory:

    • On Windows: \Splunk installation directory\etc\system\local\

    • On Linux: /Splunk installation directory/etc/system/local/

(Create a new inputs.conf file in this directory if it does not already exist.)

  1. Add these five lines to the end of the inputs.conf and save the file. On Linux:

[monitor:///var/opt/OV/log/vp400/ev400.insight.*.log*] host_regex = ev400\.insight\.(.+)\.log*

index = IS4i sourcetype = _json disabled = false On Windows:

[monitor://C:\Program Files\EView Technology\EView400i\log\ev400.insight.*.log*]

host_regex = ev400\.insight\.(.+)\.log* index = IS4i

sourcetype = _json disabled = false

If the installation path was changed during the installation, modify the first line to reference the

new path.

  1. The index value should be changed to a site-defined index name.

  2. Restart the Splunk forwarder.

    • On Linux: /Splunk installation directory/bin/splunk restart

    • On Windows: Restart the Splunk forwarder service "splunkd" from the Services utility.