I have log and other data in a linux server. I am parsing the data using awk code and converting it into csv files. There is a forwarder installed in another location in the same linux server. How can I get the forwarder to pick the data (csv file) from its location regularly and ingest it into splunk? Is this the best way to do this? Or is there a better way of performing the same?
I have used splunk as a single instance on my laptop for analysis previously. But this is new. It would be great if there is a step by step guide.
This is something what I am currently using for working on sample data in CSV format and is working great for the demo setup.
[monitor://<path to csv>/*.csv]
sourcetype = csv
KV_MODE = csv
index = name_your_index
disabled = false
crcSalt = <SOURCE>
Would appreciate your feedback what worked for you.