I have to forward my data from my machine to serval using universal forwarder. What should be the content of inputs.conf?
## This is for linux, windows is slightly different
[monitor:<absolute_file_path>]
sourcetype = <sourcetype_name>
index = <index_name>
#Example
[monitor:///var/log/httpd]
sourcetype = access_common
index = main
You can find more examples here - https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf#inputs.conf.example
---
An upvote would be appreciated and Accept solution if this reply helps!
I am giving this config in inputs.conf but can't see my data forwarded to the server
@akankshayadav Can you share what have you configured where did you deploy it?
Do you know the index that you are using already created in Splunk?
The file you want to monitor having enough read permissions and having contents in it?
In my inputs.conf
[monitor://C:\Users\Lenovo\Documents\............\*.csv]
disabled = 0
index = index_fptsinv
sourcetype = csv
My ip is 192.168.29.117
I have to send to server with ip 139.23.76.80
Can u also tell me which Ip i've to provide in Deployement server and which in Receiver index?
@akankshayadav Can you follow this thread - Props.conf settings are not working - Splunk Community which is similar to what you are trying to achieve. You need to set-up other .conf files like outputs.conf (must).. props.conf (optional) etc.
---
Hope this reply helps!
NO. This isn't my requirement . In my case , data is not received.
However, can you help with this
My ip is 192.168.29.117
I have to send to server with ip 139.23.76.80
Can u also tell me which Ip i've to provide in Deployement server and which in Receiver index?
If you are using forward management using Deployment server (DS) then 'My ip is 192.168.29.117' shall be added to serverclass.conf in DS (this step is optional if you have configured inputs.conf directly on UF). 139.23.76.80 should have been your intermediate forwarder/indexer IP shall be in outputs.conf on UF where you have configured inputs.conf.
When you complete the above set-up and could not find the logs, then there could be many other reasons for not ingesting data to Splunk, check the splunkd.log of UF or you can query same in _internal index.
---
An upvote would be appreciated if this reply help you!
@akankshayadav Provided were least minimum config, however there are additional settings to be added depends on use case. Have a look at the link provided and read of splunk docs for detailed understanding.
---
An upvote would be appreciated and Accept solution if this reply helps!