Hello,
I need to monitor some Oracle Database agent logs with Splunk Universal Forwarder. The base directory for finding the logs is $ORACLE_HOME.
We´re using this configuration to monitor these logs in a Splunk Enterprise environment:
**[monitor://$ORACLE_HOME/log/*/agent/ohasd/oraagent_(grid|oracle)/oraagent_(grid|oracle).log]**
...
I know we could configure ORACLE_HOME env in splunk-launch.conf on each UF instance.
However, we have already installed all Universal Forwarders and we don´t know the $ORACLE_HOME env variable on the UF hosts.
we have about 300 hosts, so we decided to do the above configuration to save time:
**[monitor:///.../log/*/agent/ohasd/oraagent_(grid|oracle)/oraagent_(grid|oracle).log]**
When I execute **splunk list monitor** its listing all directories under **/** partition, even if there is one log file per host.
My questions are:
1 - Does Splunk will really look into all directories under **/**?
2 - If yes, would I have performance problems because the huge amount of directories?
Thanks.
↧