Archive

How to store log to Splunk Enterprise Server with Forwarded inputs (File & Directories)

New Member

Hi

I see Forwarded inputs type File & Directories is monitor only not collect log to Splunk Enterprise.
How to store log with Forwarded inputs type File & Directories.

Thank you

Tags (1)
0 Karma

Influencer

You are asking basic questions, you should start with splunk education this will give you an overview

please have a look at following links

Free Splunk Fundamentals 1 https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html
Free Splnk Educational videos https://www.splunk.com/en_us/training/videos/all-videos.html
Learn how to use Splunk https://www.splunk.com/en_us/view/SP-CAAAG2R
Splunk Architecture Overview (e-learning) https://www.splunk.com/view/SP-CAAAHSJ
Download Splunk Enterprise for free and start exploring it https://www.splunk.com/en_us/download.html
Free trials and download https://www.splunk.com/en_us/download.html

0 Karma

Motivator

Forwarded inputs means data coming from Universal forwarder or Heavy Forwarder to Indexer.

if it so, then we can save data on that machine only i.e Indexer.

0 Karma

New Member

How to store raw log from Universal Forwarder to Splunk Enterprise?

0 Karma

New Member

What file store that log?

0 Karma

Influencer

Indexes in Splunk are stored in $SPLUNK_HOME/splunk/var/lib/splunk

You should have a look at this:

https://docs.splunk.com/Documentation/Splunk/7.2.3/Indexer/HowSplunkstoresindexes

0 Karma