How, and what files specifically, do I configure to get data into Splunk Enterprise from the localhost? I thought it would be as simple as modifying the inputs.conf that I created (shown below), but that didn't change anything. Thoughts?
\Splunk\etc\apps\SplunkForwarder\local\inputs.conf
similar to the inputs.conf file on my system with Universal Forwarder:
\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf
Setup:
Sys1: Windows 10, Splunk Enterprise
Sys2: Windows 10, Universal Forwarder
Logs from Sys2 are in Splunk Enterprise, but I can't see anything from Sys1.
Thanks!
Solved it, silly me. For those wondering, I hope this helps someone else. I simply didn't look around closely enough.
Under Splunk Enterprise ->> Settings ->> Data Inputs ->> Local event log collection (Collect event logs from this machine.)
Just needed to open my eyes. Thanks!
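The local event log collection enabled in the UI above can also be expressed directly in inputs.conf on the Splunk Enterprise host. This is an added example, not part of the original post; the selection of channels and the file location are assumptions.

```ini
# Added example: constructed inputs.conf for the Splunk Enterprise host (Sys1).
# Assumed location: %SPLUNK_HOME%\etc\system\local\inputs.conf
# (or the local\ directory of an app that is enabled).

# One stanza per Windows event log channel to collect from this machine.
[WinEventLog://Security]
disabled = 0
# Read events already present in the log, not only new ones.
start_from = oldest
current_only = 0

[WinEventLog://System]
disabled = 0

[WinEventLog://Application]
disabled = 0
```

Restart Splunk after editing the file. Running `splunk btool inputs list --debug` shows which inputs.conf file each setting is read from, which helps confirm that the stanzas sit in a location Splunk actually loads.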