I am trying to do a distributed deployment (multiple search heads and indexers) of the EMC Isilon App and Add-on for Splunk Enterprise and the instructions call for setting it up via Splunk Web.
Can you please provide details on what files to store the Isilon credentials in so I can configure it via the deployment server by editing files directly?
Also, can you provide a sample syslog.conf file instead of that weirdly formatted section in the instructions?
I’d like to be able to point the Isilon at the forwarder using a nonstandard port as well.
Can you provide details on configuring the Isilon syslog output to go to another port instead of just 514? My heavy forwarder is configured with three other ports for syslog data to classify different sources to specific indexes or sourcetypes.
The documentation says to set up the Isilon credentials via Splunk Web, but I'd like to just edit the settings directly on the deployment server and push things as needed to the correct nodes.
Can you please provide instructions on what file to update with credentials?
Additionally, can you please provide information on using a nonstandard syslog port when configuring syslog settings on the Isilon? (I'd like to have my forwarder pick up logs on a high port dedicated to Isilon logs, so I can parse multiple syslog message sources on one system with different input stanzas.)
Thanks!