All Apps and Add-ons

Are there ways to change the universal Splunk forwarder /opt/log/www1 or /opt/log/www2?

keldridge1
Explorer

For the installation I do not see the Universal Splunk Forwarder /opt/log/www1 or /opt/log/www2 and am wondering why for that and if there was any changes to it. 

Labels (3)
0 Karma
1 Solution

SanjayReddy
SplunkTrust
SplunkTrust

Hello @keldridge1 

for Splunk Universal forwader installation refer to 

https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Installanixuniversalforwarder#Instal... 

for download of required UF version , deatils on UF refer to 

https://www.splunk.com/en_us/blog/learn/splunk-universal-forwarder.html?locale=en_us

for mointoring  you need to create file Inputs.conf  in $SPLUNK_HOME/etc/system/local

and update following entries 

[monitor:///opt/log/www1]
disabled = 0
sourcetype = <yoursourcetype>
index = <yourindex>

 

[monitor:///opt/log/www2] 
disabled = 0
sourcetype = <yoursourcetype>
index = <yourindex>

 

----
Regards,
Sanjay Reddy

----
If this reply helps you, Karma would be appreciated

View solution in original post

0 Karma

keldridge1
Explorer

If somebody can post the steps as wel to install universal Splunk forwarder as well.

0 Karma

SanjayReddy
SplunkTrust
SplunkTrust

Hello @keldridge1 

for Splunk Universal forwader installation refer to 

https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Installanixuniversalforwarder#Instal... 

for download of required UF version , deatils on UF refer to 

https://www.splunk.com/en_us/blog/learn/splunk-universal-forwarder.html?locale=en_us

for mointoring  you need to create file Inputs.conf  in $SPLUNK_HOME/etc/system/local

and update following entries 

[monitor:///opt/log/www1]
disabled = 0
sourcetype = <yoursourcetype>
index = <yourindex>

 

[monitor:///opt/log/www2] 
disabled = 0
sourcetype = <yoursourcetype>
index = <yourindex>

 

----
Regards,
Sanjay Reddy

----
If this reply helps you, Karma would be appreciated

0 Karma

keldridge1
Explorer

Thanks for helping me solve my issue.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...