Hi! I have successfully installed a Splunk forwarder on the EC2 instance where my Python application is living. How do I tell the application what to send to the forwarder? Is there some sort of sys logging that I need to do, will the forwarder pick up all application output (prints, debugs, etc.), or how does that work?
If your application stores logs in a physical location on your EC2 instance, you can simply monitor that file/directory.
[monitor://<filepath>]
sourcetype = <sourcetype>
index = <index>
host = <host>
Add any other settings you need. Check the document below for your reference:
https://docs.splunk.com/Documentation/Splunk/8.2.0/Admin/Inputsconf#inputs.conf.spec
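As an added example (not part of the original thread): one way a Python application can write its log records to a file that a `[monitor://...]` stanza watches, so that what gets forwarded is whatever the logger writes there. The logger name `myapp`, the log path, and the one-JSON-object-per-line format are assumptions made for this example.

```python
import json
import logging
import logging.handlers
import os
import tempfile

# Assumed path for this example; the [monitor://...] stanza must point at
# whatever path the real application uses.
LOG_PATH = os.path.join(tempfile.gettempdir(), "myapp", "app.log")


class JsonLineFormatter(logging.Formatter):
    """Emit one JSON object per line so each record is exactly one line."""

    def format(self, record):
        event = {
            "time": self.formatTime(record, "%Y-%m-%dT%H:%M:%S%z"),
            "level": record.levelname,
            "logger": record.name,
            "message": record.getMessage(),
        }
        if record.exc_info:
            event["exception"] = self.formatException(record.exc_info)
        # json.dumps escapes CR/LF, so user-controlled text inside a message
        # cannot start a forged second line in the monitored file.
        return json.dumps(event)


def build_logger(path=LOG_PATH, level=logging.INFO):
    """Return a logger that appends records at or above `level` to `path`."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    # WatchedFileHandler reopens the file if an external tool rotates it.
    handler = logging.handlers.WatchedFileHandler(path, encoding="utf-8")
    handler.setFormatter(JsonLineFormatter())
    logger = logging.getLogger("myapp")
    logger.setLevel(level)
    logger.handlers = [handler]   # replace handlers so reconfiguring is safe
    logger.propagate = False      # keep records out of the root logger
    return logger


if __name__ == "__main__":
    log = build_logger()
    log.debug("below the INFO threshold, so not written to the file")
    log.info("user login ok user=%s", "alice")             # constructed sample
    log.warning("bad input: %s", "x\nfake INFO forged line")  # stays one line
    print("wrote events to", LOG_PATH)
```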
Thanks for replying. Currently these logs are forwarding to Splunk Cloud; I more or less am confused on how to dictate what exactly is forwarded!
You should be able to get that information using the btool command:
./splunk btool inputs list --debug
Run this command from $SPLUNK_HOME/bin.