Re: Splunk - Adding stanza in input.conf file

rajiv_r · ‎01-07-2020

i am using Splunk enterprise trial version and trying to push the windows logs to Splunk from the customize location . I gave the path location of my file which i want to push in /etc/system/local folder inside input.conf file and restarted the splunk server but still i could not able to see the file in splunk.
I have followed the below documents to add the stanza in the input.conf file
https://docs.splunk.com/Documentation/Splunk/8.0.1/Data/Monitorfilesanddirectorieswithinputs.conf

Can anyone please guide me in this as how to push the file ti splunk from a customize location
Note- I made the changes in the input.conf file inside splunk universal forwarder directory as i dont have $splunk_home file directory

richgalloway · ‎01-07-2020

Please post the inputs.conf settings for the logs and the search you are using to try to find the data.

Every Splunk instance has a $SPLUNK_HOME directory. It's the file system location where Splunk is installed. On Windows systems with a UF installed, it's often C:\Program Files\SplunkUniversalForwarder. $SPLUNK_HOME is Linux notation for a shell variable.

---
If this reply helps you, Karma would be appreciated.

rajiv_r · ‎01-07-2020

again a lot of thanks for your answer i got it fixed..Actually document was saying to restart the server but actually we need to restart the forwarder only. And when i did it it started working

richgalloway · ‎01-07-2020

Please submit feedback (not a comment) on the documentation so Splunk can clarify what should be restarted.

---
If this reply helps you, Karma would be appreciated.

Splunk - Adding stanza in input.conf file

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life