November 2018
Beginner
298 pages
7h 51m
English
Content preview from Splunk 7.x Quick Start Guide
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Configuring inputs.conf
Now, we will configure an inputs.conf file to monitor log files and send the entries to Splunk for indexing. In this example case, we have installed a forwarder on an Apache web server running on a Linux host; the web server log files reside in the /var/log/httpd directory – you can see that there is an active and a rolled-over log for both the access and error logs:
[root@ip-172-31-39-242 httpd]# pwd/var/log/httpd[root@ip-172-31-39-242 httpd]# ls -l-rw-r--r-- 1 root root 86698 Aug 5 22:24 access_log-rw-r--r-- 1 root root 576950 Aug 5 02:43 access_log-20180805-rw-r--r-- 1 root root 1000 Aug 5 14:08 error_log-rw-r--r-- 1 root root 3374 Aug 5 03:16 error_log-20180805
To monitor these logs, we need to edit the inputs.conf ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.