How can I send events from a monitor input file to...

Rocky31 · ‎08-10-2017

I am not sure about this, it's very tricky. Can anyone help me on this?
Do I need to update any .conf files?

skoelpin · ‎08-10-2017

Do you have a fresh install of Splunk? If so, you need to enable your Indexer to listen on port 9997. Once that's done you then need to use your deployment server (or login to the machine with the forwarder installed) and edit the inputs.conf to monitor a file and have an outputs.conf to tell the forwarder where to send the data to

https://docs.splunk.com/Documentation/SplunkCloud/6.6.1/Forwarding/Enableareceiver

http://docs.splunk.com/Documentation/SplunkCloud/6.6.1/Forwarding/Configuredatacollectiononforwarder...

http://docs.splunk.com/Documentation/SplunkCloud/6.6.1/Forwarding/Configureforwarderswithoutputs.con...

adonio · ‎08-10-2017

identify the index under the monitoring stanza in inputs.conf
[monitor:///my_stuff]
index = my_stuuf_index

How can I send events from a monitor input file to an index I created?

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

How can I send events from a monitor input file to an index I created?

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >