Cisco Cisco Content Delivery System Manager Installation Guide

To configure Splunk on a CDS-IS, complete the following:

Install the Splunk Universal Forwarder. The Splunk software is located at the following location.

http://www.splunk.com/download/universalforwarder

Configure the Splunk Universal Forwarder, as follows:

a) Create the file <Splunk_Home>/etc/system/local/outputs.conf.
b) Open the file and add the following contents:

[tcpout]

disabled = false

defaultGroup = cdnm_lwf

[tcpout:cdnm_lwf]

server = <Analytics Forwarder IP>:9998

compressed = false

c) On the SR node, create the file <Splunk_Home>/etc/system/local/inputs.conf. Open the file and add the following

contents:

[monitor:///local/local1/logs/service_router/service_router_*]

# SR transaction

disabled = false

host_regex = _(\d+\.\d+\.\d+\.\d+)

sourcetype = sr_transaction

index = cdn_transaction

crcSalt = <SOURCE>

[monitor:///local/local1/logs/sedc/sr_ds_counter_*]

# SR Active counter

disabled = false

host_regex = _(\d+\.\d+\.\d+\.\d+)

sourcetype = srs

index = cdn_snapshot

crcSalt = <SOURCE>

d) On the SR node, create the file <Splunk_Home>/etc/system/local/inputs.conf. Open the file and add the following

contents:

[monitor:///local/local1/logs/wmt/extended-wms-90/mms_export_e_wms*]

# WMS transaction

disabled = false

host_regex = _(\d+\.\d+\.\d+\.\d+)

sourcetype = wmt_logplaystats

index = cdn_transaction

crcSalt = <SOURCE>

[monitor:///local/local1/logs/fms_access/fms_access*]

# FMS transaction