We have some VIOS servers that are special-purpose machines that aren't allowed to have a UF installed. I want to hotwire the Splunk_TA_nix scripts to drop their output on an NFS share for Splunk to pick up. Each VIOS server will drop in a different directory under /exports/ and each script will write to a file with it's name (df.sh > df.log) I want df.log to go to index=os, sourcetype=df, source=df ps, iostat, vmstat, etc... This isn't working:
inputs.conf
[monitor:///exports/vio*/*.log]
disabled = 0
followTail = 0
host =
host_segment = 2
index = os
props.conf
[source:.../df.log]
sourcetype = df
TRANSFORMS-viosdf = viosdf
[source:.../psdf.log]
sourcetype = ps
TRANSFORMS-viosps = viosps
transforms.conf
[viosdf]
DEST_KEY = MetaData:Source
FORMAT = source::df
[viosps]
DEST_KEY = MetaData:Source
FORMAT = source::ps