Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

add log file to splunk universal forwarder

jszyba
New Member
‎04-02-2014 09:08 AM

I'm trying to monitor a log file to a splunk universal forwarder. For example the splunkd.log file. I've tried getting into the inputs.conf file on the machine with the universal forwarder intstalled and adding [monitor://$SPLUNK_HOME\var\log\splunk\splunkd.log]. I can't see the log file on the main reciever. What am I missing here? Please help....

Tags (3)
0 Karma
Reply

rkirkw
Path Finder
‎04-02-2014 09:58 AM

The splunkd.log is most likely already being sent by the forwarder but you may not be searching the internal indexes by default.

Try this search:
index=_internal source="/opt/splunkforwarder/var/log/splunk/splunkd.log" host=hostname

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎04-02-2014 09:48 AM

That file should be monitored automatically, search the _internal index for it.

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...