We recently purchased the managed splunk cloud instance, I am in the process of adding data. We would like to index our db2diag logs which are sitting on the Linux servers. I went though the process of installing the forwarder and forwarder credentials. Now I am at a loss on how to tell the forwarder what logs to forward to splunk? With the managed splunk cloud instance, you can't do it through the Add Data button. I do have the monitoring console app, and I see the new Linux forwarder there. But I don't see an option there to manipulate the forwarder in any way. Do I have to configure the forwarder inputs on the Linux server?
Also when I look at the monitoring console app, I see the universal forwarder and the heavy forwarder there. But we only installed universal. Is that am installation default?
This may help:
You have to write inputs.conf on the forwarder.