Do I need to create a local/inputs.conf file on my index under this TA? If so what should it contain?
We have fireeye sending to syslog and syslog creating a folder and log file. Splunk then monitoring the folder. How can i configure the Fireeye add-on to monitor the folder or look at the data coming in via "Monitor Folder"?
what information splunk can read from fireeye's logs?