
How to forward nix auditd data from UF to Indexer

token2
Path Finder

I have installed the auditd app and TA on my indexer/search head, but this is a free license; I do not have deployment capability. How do I configure a Linux machine's UF to forward the necessary logs to the indexer? I already have the UF 9997 output pointing to my indexer and my indexer set to receive, but do I need to manually copy over the auditd TA-Linux_auditd app contents to the UF's apps path?

0 Karma