First, if this is a repeat question, I apologize. I tried to ask this question a short time ago, but cannot find it anywhere.
The situation is this. I loaded the Splunk Windows Universal Forwarder, (6.3), on a Windows server and would like to update the conf files when needed using a Linux Deployment server also running 6.3. According to the documentation, if I would like to update the inputs.conf or outputs.conf files on the Forwarder, I need to create a directory on the deployment server called `$SPLUNK_HOME/etc/deployment-apps/<some app name>/default/outputs.conf` and inputs.conf first. Then create server classes and add Forwarders.
My question is, is this correct? I was under the impression that changing any file in a "default" directory was frowned upon. Also, when I looked at the `C:\Program Files\SplunkUniversalForwarder\etc\apps` directory on the Forwarder, looking for a mapping application, all I saw was the following;
introspection_generator_addon
learned
search
splunk_httpinput
Splunk_TA_windows
SplunkUniversalForwarder
The files I need to update are in the `C:\Program Files\SplunkUniversalForwarder\etc\system\local` directory on the forwarder. I don't understand how that all maps.
What directory do I need to create in the "deployment-apps" directory on the Deployment server to map to the correct conf files I would like to update?
Thanks in advance.
↧