我想在通用转发器上监视多个日志。我怎样才能做到这一点?另外,当我设置转发服务器时,会出现错误。使用Enable boot-start,我必须手动接受许可证才能完成安装。有什么建议吗?
- name: connect forward server to Splunk server
command: "{{ splunkbin }} add forward-server {{ item }} -auth {{ splunkcreds }}"
with_items: "{{ splunkserver }}"
when: splunkserver is defined
notify: restart_splunk
- name: Enable Boot Start
command: "{{ splunkbin }} enable boot-start"
- name: add temporary monitor to create directory
command: "{{ splunkbin }} add monitor /etc/hosts -auth {{ splunkcreds }}"
notify: restart_splunk
使用以下内容接受许可证而无需提示
- name: Enable Boot Start
command: "{{ splunkbin }} enable boot-start --accept-license"