Hi
This is my inputs.conf file in the universal forwarder on a Windows box:
[default]
host = wgbbx001
[monitor://E:\application1]
index = _internal
[monitor://E:\application1\Logs]
index = _internal
There are subfolders and logs inside the folder called application. I want to view them through Splunk Web. My indexer is on another Linux box, but with the above configuration the application logs are not shown in Splunk Web. Any idea why it's not working? Is there anything else to be added in inputs.conf?
The problem may be the index. _internal is used for internal Splunk metrics. You will need to add these to the 'main' index or create your own index.
Also, if you define a monitor for E:\application1 it will get everything in that directory including the Logs directory. It is recursive by default so you wouldn't need both entries.
You are right... when I removed index_internal, it worked. Thank you.
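As an added example (not part of the original posts, and not Splunk's own code): a small Python check for the two issues the answer points out, monitor stanzas routed to an underscore-prefixed internal index and monitor paths already covered by a recursive parent. The function name `lint_inputs` is hypothetical; the check assumes Windows-style paths, that `[default]` settings are inherited by stanzas that do not override them, and that an unset index means `main`.

```python
import configparser
from pathlib import PureWindowsPath

# The inputs.conf from the question, reproduced as sample input.
SAMPLE = r"""
[default]
host = wgbbx001
[monitor://E:\application1]
index = _internal
[monitor://E:\application1\Logs]
index = _internal
"""

def lint_inputs(text):
    """Return (stanza, message) findings for monitor stanzas in inputs.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__none__")
    cp.optionxform = str  # keep setting names exactly as written
    cp.read_string(text)
    # Assumption: [default] settings apply to stanzas that do not override them.
    inherited = dict(cp["default"]) if cp.has_section("default") else {}
    monitors = {}
    for name in cp.sections():
        if name.startswith("monitor://"):
            settings = {**inherited, **cp[name]}
            monitors[name] = (PureWindowsPath(name[len("monitor://"):]), settings)
    findings = []
    for name, (path, settings) in monitors.items():
        index = settings.get("index", "main")  # assumption: unset index means main
        if index.startswith("_"):
            findings.append((name, f"index '{index}' is a Splunk internal index; "
                                   "use main or a custom index"))
        for other, (opath, osettings) in monitors.items():
            recursive = osettings.get("recursive", "true").lower() not in ("false", "0")
            # A recursive monitor on a parent directory already picks up this path.
            if opath in path.parents and recursive:
                findings.append((name, f"already covered by recursive [{other}]"))
    return findings

if __name__ == "__main__":
    for stanza, message in lint_inputs(SAMPLE):
        print(f"[{stanza}] {message}")
```

Run against the configuration from the question, it reports the `_internal` index on both stanzas and marks the `Logs` stanza as redundant.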