Am having a csv file(file name: testdata.csv) which stored in a machine with Ip addr 10.80.65.177:8085 and using the same to create reports,dashboards etc in splunk which we installed in another machine with ip addr 10.80.65.183:8000
Now how can i make the splunk to use this csv file on real time basis so that whenever this csv file testdata getting updated, the reports or dashboards in splunk also should get updated with recent data on real time basis.
how can i do that? also i already tried with universal forwarder but after installing it , it asks two port id such as forwarding and receiving port ids..am not sure which of those above port i have to use for this?
i have given forwarder port as 8000 in splunk manager but its not accepting .pls advice
Splunk itself contains no mechanisms for grabbing that CSV from another system. Installing an Universal Forwarder on the system will not do anything to help your situation as all it does is forwards data that should be indexed to the Splunk instance it's configured to forward to.
Easiest would be if 10.80.65.183 could mount the directory containing the csv file on 10.80.65.177. Then you could just point Splunk to the csv file just like with any other file.