Last active
September 19, 2016 16:35
-
-
Save andyzib/832d1483540b064452a257fa3d0621e5 to your computer and use it in GitHub Desktop.
Edits Splunk Universal Forwarder config files to change the log source name. Useful for Citrix MCS and PVS images.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
Edits the SplunkUniversalForwarder config files to put in the correct hostname, restarts the service. | |
Running as an Windows Startup Script is reccomended. | |
#> | |
# Target files and strings, thank you grep for windows. | |
# C:\Program Files\SplunkUniversalForwarder\etc\system/local/inputs.conf:host = servernamehere | |
# C:\Program Files\SplunkUniversalForwarder\etc\system/local/server.conf:serverName = servernamehere | |
# First, cehck that the Universal Forwarder is installed. | |
if (-Not (Test-Path -Path "$env:ProgramFiles\SplunkUniversalForwarder\bin\splunkd.exe" -PathType Leaf)) { | |
Exit # Nothing to do. | |
} | |
$CONFinputs = "$env:ProgramFiles\SplunkUniversalForwarder\etc\system\local\inputs.conf" | |
$CONFserver = "$env:ProgramFiles\SplunkUniversalForwarder\etc\system\local\server.conf" | |
# Open inputs.conf ($CONFinputs) for writing. | |
$content = Get-Content $CONFinputs | |
#RegExp Pattern | |
$pattern = 'host = (.+).*' | |
$replacment = "host = $env:COMPUTERNAME" | |
$content = $content -replace $pattern,$replacment | |
# Write the new config file. | |
$content | Set-Content $CONFinputs | |
# Open server.conf ($CONFserver) for writing. | |
$content = Get-Content $CONFserver | |
#RegExp Pattern | |
$pattern = 'serverName = (.+).*' | |
$replacment = "serverName = $env:COMPUTERNAME" | |
$content = $content -replace $pattern,$replacment | |
$content | Set-Content $CONFserver | |
# Restart the Service. | |
Restart-Service -Name SplunkForwarder |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment