Dashboards & Visualizations
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Where can I find the existing config files on our host machine? (New to Splunk!)

joshbola
New Member
‎08-17-2017 10:40 AM

Hello there everyone, wanted to reach out for help as I have taken a new role in my work life and I was give the duties on Splunk. I have never used it before, so I have been watching the education videos and learning. I am coming into an environment that already has Splunk setup.

I have a project request to add something to an existing Dashboard. The system that will be forwarding Data already has Universal Forwarder Installed and configured.

My questions is where can I find the existing config files on the host machines? I believe that is the file that I need to edit in order to forward data to Splunk for a new log.

Sorry but I am a newbie with this app, so learning continues...

Thank You

0 Karma
Reply

woodcock
Esteemed Legend
‎08-17-2017 05:28 PM

Are you using a Deployment Server or a Monitoring Console (which will tell you if you are using a DS)?

0 Karma
Reply

joshbola
New Member
‎08-17-2017 11:14 AM

Hello there Chris, thank you for your response and yes its a BIG task at hand to learn Splunk.

So the host machine is already forwarding data from other logs to the Indexer. I need to register a new log file to forward the data to indexer. I did find the inputs.conf and it looks like there is the host information and there is a Script with PATH File type pointing to Splunk-wmi.exe

Thank You

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎08-17-2017 10:49 AM

Welcome to the world of Splunk! It is a lot to learn. 🙂

If all you need to do is set up the indexer to receive data from a forwarder that is already configured, edit inputs.conf in $SPLUNK_HOME/etc/system/local. See Enable a receiver in the Forwarder Manual.

You should also familiarize yourself with the relevant parts of the Getting Data In manual.

Information about configuration files - their location and precedence - is in the Admin Manual. Start with About configuration files and read the topics that follow it.

Also, there is documentation specifically for people who have inherited a Splunk Enterprise deployment! It might also be useful for you. See Inherit a Splunk Enterprise Deployment.

Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...
Top