How to configure a forwarder to regularly pick up ...

sundaresh83 · ‎03-18-2015

I have log and other data in a linux server. I am parsing the data using awk code and converting it into csv files. There is a forwarder installed in another location in the same linux server. How can I get the forwarder to pick the data (csv file) from its location regularly and ingest it into splunk? Is this the best way to do this? Or is there a better way of performing the same?
I have used splunk as a single instance on my laptop for analysis previously. But this is new. It would be great if there is a step by step guide.

miteshvohra · ‎03-18-2015

This is something what I am currently using for working on sample data in CSV format and is working great for the demo setup.

[monitor://<path to csv>/*.csv]
sourcetype = csv
KV_MODE = csv
index = name_your_index
disabled = false
crcSalt = <SOURCE>

Would appreciate your feedback what worked for you.

Regards, Mitesh.

sundaresh83 · ‎03-19-2015

Hi Mitesh,

Thanks for the reply. Should this be in the input? I l test this and surely let you know how it works.

How to configure a forwarder to regularly pick up data from a CSV file on a Linux server?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation