All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Are there ways to change the universal Splunk forwarder /opt/log/www1 or /opt/log/www2?

keldridge1
Explorer
‎05-18-2023 07:40 PM

For the installation I do not see the Universal Splunk Forwarder /opt/log/www1 or /opt/log/www2 and am wondering why for that and if there was any changes to it. 

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

SanjayReddy
SplunkTrust
SplunkTrust
‎05-18-2023 08:41 PM

Hello @keldridge1 

for Splunk Universal forwader installation refer to 

https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Installanixuniversalforwarder#Instal... 

for download of required UF version , deatils on UF refer to 

https://www.splunk.com/en_us/blog/learn/splunk-universal-forwarder.html?locale=en_us

for mointoring  you need to create file Inputs.conf  in $SPLUNK_HOME/etc/system/local

and update following entries 

[monitor:///opt/log/www1]
disabled = 0
sourcetype = <yoursourcetype>
index = <yourindex>

 

[monitor:///opt/log/www2] 
disabled = 0 
sourcetype = <yoursourcetype>
index = <yourindex>

 

----
Regards,
Sanjay Reddy

----
If this reply helps you, Karma would be appreciated

View solution in original post

0 Karma
Reply
Solved! Jump to solution

keldridge1
Explorer
‎05-18-2023 08:21 PM

If somebody can post the steps as wel to install universal Splunk forwarder as well.

0 Karma
Reply
Solved! Jump to solution
Solution

SanjayReddy
SplunkTrust
SplunkTrust
‎05-18-2023 08:41 PM

Hello @keldridge1 

for Splunk Universal forwader installation refer to 

https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Installanixuniversalforwarder#Instal... 

for download of required UF version , deatils on UF refer to 

https://www.splunk.com/en_us/blog/learn/splunk-universal-forwarder.html?locale=en_us

for mointoring  you need to create file Inputs.conf  in $SPLUNK_HOME/etc/system/local

and update following entries 

[monitor:///opt/log/www1]
disabled = 0
sourcetype = <yoursourcetype>
index = <yourindex>

 

[monitor:///opt/log/www2] 
disabled = 0 
sourcetype = <yoursourcetype>
index = <yourindex>

 

----
Regards,
Sanjay Reddy

----
If this reply helps you, Karma would be appreciated

0 Karma
Reply
Solved! Jump to solution

keldridge1
Explorer
‎05-19-2023 02:44 AM

Thanks for helping me solve my issue.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...