splunk手工配置

手工字段提取
/opt/splunk/etc/users/admin/search/local/props.conf
手工添加数据源
/opt/splunk/etc/apps/launcher/local/inputs.conf
[数据源类型]
监控本地文件:monitor://文件路径
监听udp端口 :udp://端口号
监听tcp端口  :tcp://端口号
[monitor:///home/a/data]
disabled = false
followTail = 0
sourcetype = 数据类型
[udp://515]
connection_host = ip
source = 数据源
sourcetype = 数据类型

发表评论

This site uses Akismet to reduce spam. Learn how your comment data is processed.