For the installation I do not see the Universal Splunk Forwarder /opt/log/www1 or /opt/log/www2 and am wondering why for that and if there was any changes to it.
Hello @keldridge1
for Splunk Universal forwader installation refer to
https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Installanixuniversalforwarder#Instal...
for download of required UF version , deatils on UF refer to
https://www.splunk.com/en_us/blog/learn/splunk-universal-forwarder.html?locale=en_us
for mointoring you need to create file Inputs.conf in $SPLUNK_HOME/etc/system/local
and update following entries
[monitor:///opt/log/www1] disabled = 0 sourcetype = <yoursourcetype>
index = <yourindex>
[monitor:///opt/log/www2]
disabled = 0
sourcetype = <yoursourcetype>
index = <yourindex>
----
Regards,
Sanjay Reddy
----
If this reply helps you, Karma would be appreciated
If somebody can post the steps as wel to install universal Splunk forwarder as well.
Hello @keldridge1
for Splunk Universal forwader installation refer to
https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Installanixuniversalforwarder#Instal...
for download of required UF version , deatils on UF refer to
https://www.splunk.com/en_us/blog/learn/splunk-universal-forwarder.html?locale=en_us
for mointoring you need to create file Inputs.conf in $SPLUNK_HOME/etc/system/local
and update following entries
[monitor:///opt/log/www1] disabled = 0 sourcetype = <yoursourcetype>
index = <yourindex>
[monitor:///opt/log/www2]
disabled = 0
sourcetype = <yoursourcetype>
index = <yourindex>
----
Regards,
Sanjay Reddy
----
If this reply helps you, Karma would be appreciated
Thanks for helping me solve my issue.