Functional differences between *nix and Windows in Splunk operations
This topic clarifies the functional differences that you'll encounter between *nix and Windows operating systems, under the context in which they matter in Splunk operations. It does not delve into technical comparisons of - or advocacy for - either flavor of OS, but rather explains why you'll see things referenced one way or another on various OS-specific Splunk manual pages.
Paths
A major difference in the way that *nix and Windows operating systems handle files and directories is the type of slash used to separate files or directories in the pathname. *nix systems use the forward slash ("/"). Windows, on the other hand, uses the backslash ("\").
An example of a *nix path:
/opt/splunk/bin/splunkd
An example of a Windows path:
C:\Program Files\Splunk\bin\splunkd.exe
Environment variables
Another area where the operating systems differ is in the representation of environment variables. Both systems have a way to temporarily store data in one or more environment variables. On *nix systems, you refer to the value of an environment variable by placing the dollar sign ("$") in front of its name; the name is written without the dollar sign when you set or export the variable, like so:
# SPLUNK_HOME=/opt/splunk; export SPLUNK_HOME
# echo $SPLUNK_HOME
On Windows, it's a bit different - to specify an environment variable, you need to use the percent sign ("%"). Depending on the type of environment variable you are using, you may need to place one or two percent signs before the variable name, or on either side of the name.
> set SPLUNK_HOME=C:\Program Files\Splunk
> echo %SPLUNK_HOME%
C:\Program Files\Splunk
>
To set the %SPLUNK_HOME% variable in the Windows environment, you can do one of two things:
- Edit splunk-launch.conf in %SPLUNK_HOME%\etc.
- Set the variable by accessing the "Environment Variables" window. Open an Explorer window, and on the left pane, right-click "My Computer", then select "Properties" from the window that appears. Once the System Properties window appears, select the "Advanced" tab, then click on the "Environment Variables" button that appears along the bottom window of the tab.
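The two conventions above side by side, as an added example that is not part of the Splunk documentation: a Python helper that rewrites a path between the $NAME/forward-slash form and the %NAME%/backslash form, and expands it from a supplied dictionary of variables. The function names `translate` and `resolve` and the sample values are assumptions made for this illustration.

```python
import ntpath
import posixpath
import re

# $NAME or ${NAME} (*nix style), or %NAME% (Windows style).
_VAR = re.compile(r"\$\{(\w+)\}|\$(\w+)|%(\w+)%")


def _name(match):
    """Return the variable name from whichever alternative matched."""
    return match.group(1) or match.group(2) or match.group(3)


def translate(path, target):
    """Rewrite variable references and separators for `target`, without expanding.

    Assumes each reference is followed by a separator, as it is in a path.
    """
    if target == "windows":
        return _VAR.sub(lambda m: "%" + _name(m) + "%", path).replace("/", "\\")
    if target == "nix":
        return _VAR.sub(lambda m: "$" + _name(m), path).replace("\\", "/")
    raise ValueError("target must be 'nix' or 'windows'")


def resolve(path, env, target):
    """Expand variable references from the dict `env` and normalize the path."""
    def lookup(match):
        name = _name(match)
        if name not in env:
            raise KeyError("undefined variable: " + name)
        # cmd.exe keeps quotes typed after `set NAME=` in the value; drop them.
        return env[name].strip('"')

    expanded = translate(_VAR.sub(lookup, path), target)
    norm = ntpath.normpath if target == "windows" else posixpath.normpath
    return norm(expanded)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real installation.
    print(translate("$SPLUNK_HOME/etc/splunk-launch.conf", "windows"))
    print(resolve("%SPLUNK_HOME%/bin/splunkd.exe",
                  {"SPLUNK_HOME": '"C:\\Program Files\\Splunk"'}, "windows"))
```

Because it uses `ntpath` and `posixpath` explicitly rather than `os.path`, the helper gives the same result whichever operating system runs it.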
This documentation applies to the following versions of Splunk: 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 5.0, 5.0.1, 5.0.2
Would you show more sample expressions?
I wonder how I should describe the expression to set a path name to the host using inputs.conf.
(http://www.splunk.com/base/Documentation/4.2.1/Data/Setadefaulthostforaninput)
If the Windows path name of the log is "c:\splunk\log\foo.log",
is the expression in inputs.conf as follows?
[monitor:c:\splunk\log\]
host_regex = c:\\splunk\\log\\(\w+)
Best Regards,
- Hiroyuki