<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Logs forwarded from universal forwarder in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Logs-forwarded-from-universal-forwarder/m-p/536410#M89915</link>
    <description>&lt;P&gt;Ok thanks! Am i able to generate raw log files from these indexed logs?&lt;/P&gt;</description>
    <pubDate>Wed, 20 Jan 2021 00:01:02 GMT</pubDate>
    <dc:creator>James8</dc:creator>
    <dc:date>2021-01-20T00:01:02Z</dc:date>
    <item>
      <title>Logs forwarded from universal forwarder</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Logs-forwarded-from-universal-forwarder/m-p/535986#M89868</link>
      <description>&lt;P&gt;Hi, i would to like to ask:&amp;nbsp;&lt;/P&gt;&lt;P&gt;1. Where do I find the log files that are being forwarded from an universal forwarder on the machine installed with Splunk Enterprise ?&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 15 Jan 2021 11:07:48 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Logs-forwarded-from-universal-forwarder/m-p/535986#M89868</guid>
      <dc:creator>James8</dc:creator>
      <dc:date>2021-01-15T11:07:48Z</dc:date>
    </item>
    <item>
      <title>Re: Logs forwarded from universal forwarder</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Logs-forwarded-from-universal-forwarder/m-p/535989#M89870</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/228875"&gt;@James8&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;all the logs from UFs are in the Indexes. they are indexed and stored in in buckets with all the indexes that Splunk uses to search them; you haven't forwarded log files, only indexed logs in Indexes.&lt;/P&gt;&lt;P&gt;To understand how splunk indexes logs, you can see at&amp;nbsp;&lt;A href="https://docs.splunk.com/Documentation/Splunk/8.1.1/Indexer/HowSplunkstoresindexes" target="_blank"&gt;https://docs.splunk.com/Documentation/Splunk/8.1.1/Indexer/HowSplunkstoresindexes&lt;/A&gt;&lt;/P&gt;&lt;P&gt;Ciao.&lt;/P&gt;&lt;P&gt;Giuseppe&lt;/P&gt;</description>
      <pubDate>Fri, 15 Jan 2021 11:31:17 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Logs-forwarded-from-universal-forwarder/m-p/535989#M89870</guid>
      <dc:creator>gcusello</dc:creator>
      <dc:date>2021-01-15T11:31:17Z</dc:date>
    </item>
    <item>
      <title>Re: Logs forwarded from universal forwarder</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Logs-forwarded-from-universal-forwarder/m-p/536410#M89915</link>
      <description>&lt;P&gt;Ok thanks! Am i able to generate raw log files from these indexed logs?&lt;/P&gt;</description>
      <pubDate>Wed, 20 Jan 2021 00:01:02 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Logs-forwarded-from-universal-forwarder/m-p/536410#M89915</guid>
      <dc:creator>James8</dc:creator>
      <dc:date>2021-01-20T00:01:02Z</dc:date>
    </item>
    <item>
      <title>Re: Logs forwarded from universal forwarder</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Logs-forwarded-from-universal-forwarder/m-p/536484#M89921</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/228875"&gt;@James8&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;you already have _raw logs!&lt;/P&gt;&lt;P&gt;you have to run a search on the index where you stored logs (e.g. index=my_index) and see logs.&lt;/P&gt;&lt;P&gt;probably you should see the Splunk Documentation about how Splunk works:&lt;/P&gt;&lt;P&gt;&lt;A href="https://docs.splunk.com/Documentation/Splunk/latest/Data/Getstartedwithgettingdatain" target="_blank"&gt;https://docs.splunk.com/Documentation/Splunk/latest/Data/Getstartedwithgettingdatain&lt;/A&gt;&lt;/P&gt;&lt;P&gt;Ciao.&lt;/P&gt;&lt;P&gt;Giuseppe&lt;/P&gt;&lt;P&gt;P.S.: Karma Points are appreciated &lt;span class="lia-unicode-emoji" title=":winking_face:"&gt;😉&lt;/span&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 20 Jan 2021 12:40:31 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Logs-forwarded-from-universal-forwarder/m-p/536484#M89921</guid>
      <dc:creator>gcusello</dc:creator>
      <dc:date>2021-01-20T12:40:31Z</dc:date>
    </item>
  </channel>
</rss>

