All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Are there ways to change the universal Splunk forwarder /opt/log/www1 or /opt/log/www2?

keldridge1
Explorer
‎05-18-2023 07:40 PM

For the installation I do not see the Universal Splunk Forwarder /opt/log/www1 or /opt/log/www2 and am wondering why for that and if there was any changes to it. 

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

SanjayReddy
SplunkTrust
SplunkTrust
‎05-18-2023 08:41 PM

Hello @keldridge1 

for Splunk Universal forwader installation refer to 

https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Installanixuniversalforwarder#Instal... 

for download of required UF version , deatils on UF refer to 

https://www.splunk.com/en_us/blog/learn/splunk-universal-forwarder.html?locale=en_us

for mointoring  you need to create file Inputs.conf  in $SPLUNK_HOME/etc/system/local

and update following entries 

[monitor:///opt/log/www1]
disabled = 0
sourcetype = <yoursourcetype>
index = <yourindex>

 

[monitor:///opt/log/www2] 
disabled = 0 
sourcetype = <yoursourcetype>
index = <yourindex>

 

----
Regards,
Sanjay Reddy

----
If this reply helps you, Karma would be appreciated

View solution in original post

0 Karma
Reply
Solved! Jump to solution

keldridge1
Explorer
‎05-18-2023 08:21 PM

If somebody can post the steps as wel to install universal Splunk forwarder as well.

0 Karma
Reply
Solved! Jump to solution
Solution

SanjayReddy
SplunkTrust
SplunkTrust
‎05-18-2023 08:41 PM

Hello @keldridge1 

for Splunk Universal forwader installation refer to 

https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Installanixuniversalforwarder#Instal... 

for download of required UF version , deatils on UF refer to 

https://www.splunk.com/en_us/blog/learn/splunk-universal-forwarder.html?locale=en_us

for mointoring  you need to create file Inputs.conf  in $SPLUNK_HOME/etc/system/local

and update following entries 

[monitor:///opt/log/www1]
disabled = 0
sourcetype = <yoursourcetype>
index = <yourindex>

 

[monitor:///opt/log/www2] 
disabled = 0 
sourcetype = <yoursourcetype>
index = <yourindex>

 

----
Regards,
Sanjay Reddy

----
If this reply helps you, Karma would be appreciated

0 Karma
Reply
Solved! Jump to solution

keldridge1
Explorer
‎05-19-2023 02:44 AM

Thanks for helping me solve my issue.

0 Karma
Reply
Get Updates on the Splunk Community!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...