- Import Install Splunk UF on Databricks Cluster.ipynb notebook
- url:
https://raw.githubusercontent.com/rzzldzzl/Install-Splunk-UF-on-Databricks-Cluster/master/Install%20Splunk%20UF%20on%20Databricks%20Cluster.ipynb
- url:
- Set Variables (These can also be set in each Cluster's Environmnet Variables Config, BUT, remove them from the init script.)
- ufDlUrl=
"https://download.splunk.com/products/universalforwarder/releases/8.0.2.1/linux/splunkforwarder-8.0.2.1-f002026bad55-Linux-x86_64.tgz"- URL of Splunk UF
- https://www.splunk.com/en_us/download/universal-forwarder.html
- ufDlDir=
"/dbfs/splunkUF"- should be shared location accessible by both the driver and executors.
- ufInstallDir=
"/local_disk0"- driver/executor Splunk UF install dir
- TARGETURI=
"<FQDN of Splunk Deployment Server>:8089"
- ufDlUrl=
- Execute Install Splunk UF on Databricks Cluster notebook to write
splunkUF-init.shinit script. - Configure Splunk UF configs on Deployment Server - see examples
- Indexing Tier
- etc/apps/dbr/local/indexes.conf
- create DBR specifc index
- etc/apps/dbr/local/props.conf
- temporarily disable TRUNCATE
- etc/apps/dbr/local/inputs.conf
- configure inputs
- etc/apps/dbr/local/indexes.conf
- Deployment Server
- etc/deployment-apps/dbr/default/outputs.conf
- configure outputs
- etc/deployment-apps/dbr/default/inputs.conf
- configure inputs
- etc/apps/dbr/local/serverclass.conf
- configure serverclass
- etc/deployment-apps/dbr/default/outputs.conf
- Indexing Tier
- Configure Databricks cluster to run init script
dbfs:/splunkUF/splunkUF-init.sh
-
Notifications
You must be signed in to change notification settings - Fork 1
rzzldzzl/Install-Splunk-UF-on-Databricks-Cluster
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
About
No description, website, or topics provided.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published