Splunk - "host" Replace (inputs.conf)
Log In or Register to download the BES file, and more.

1 Votes

Description

Task used to replace the "serverName" value in misconfigured servers for Splunk.

Property Details

ID25265
StatusProduction - Fully Tested and Ready for Production
TitleSplunk - "host" Replace (inputs.conf)
DomainBESC
SourceInternal
Source Release Date11/28/2014 12:00:00 AM
Keywordssplunk host inputs.conf
Is TaskTrue
Added by on 3/7/2018 6:43:49 AM
Last Modified by on 3/7/2018 6:43:49 AM
Counters 291 Views / 0 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 1 fixlet   * Results in a true/false
Show indented relevance
if windows of operating system then if exists folder "C:\Program Files\SplunkUniversalForwarder" then if exists file "C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf" then not (computer name as lowercase is substring after "= " of line whose (it starts with "host = ") of file "C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf" as lowercase) else false else false else if exists folder "/opt/splunkforwarder" then if exists file "/opt/splunkforwarder/etc/system/local/inputs.conf" then not (computer name as lowercase is substring after "= " of line whose (it starts with "host = ") of file "/opt/splunkforwarder/etc/system/local/inputs.conf" as lowercase) else false else false

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
//Define text parameters to be replaced
if {name of operating system contains "Win"}
parameter "textToReplace"="{substring after "= " of line whose (it starts with "host = ") of file "C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf"}"
elseif {name of operating system does not contain "Win"}
parameter "textToReplace"="{substring after "= " of line whose (it starts with "host = ") of file "/opt/splunkforwarder/etc/system/local/inputs.conf"}"
endif

parameter "newtext"="{computer name}"

//Define path to inputs.conf file needing to be altered
if {name of operating system contains "Win"}
parameter "filePath"="C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf"
elseif {name of operating system does not contain "Win"}
parameter "filePath"="/opt/splunkforwarder/etc/system/local/inputs.conf"
endif

//Delete __appendfile
delete __appendfile

//Iterate through the file replacing lines as necessary
appendfile {concatenation "%0d%0a" of ( if (it contains (parameter "textToReplace" of action as string)) then ((preceding text of first (parameter "textToReplace" of action as string) of it) & (parameter "newtext" of action as string) & (following text of first (parameter "textToReplace" of action as string) of it) ) else it ) of lines of file (parameter "filePath" of action as string)}

//Backup the old file
delete "{parameter "filePath"}.bak"
copy "{parameter "filePath"}" "{parameter "filePath"}.bak

//Replace with the new file
delete "{parameter "filePath"}"
move __appendfile "{parameter "filePath"}"

//Retart the Splunk service
if {name of operating system contains "Win"}
dos "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restart
elseif {name of operating system contains "Linux"}
delete __appendfile
appendfile service splunk restart
wait chmod +x "{(client folder of current site as string) & "/__appendfile"}"
run "{(client folder of current site as string) & "/__appendfile"}"
elseif {name of operating system contains "Sun"}
delete __appendfile
appendfile /opt/splunkforwarder/bin/splunk restart
wait chmod +x "{(client folder of current site as string) & "/__appendfile"}"
run "{(client folder of current site as string) & "/__appendfile"}"
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
jgstew -
Nice example, thanks!