I assume you want to monitor the file and send its content to SIEM? You will need to create an
inputs.conf if it is not already created, and then put it into
(1) Add UF server for the host
(2) Put full path of the file you want to monitor
(3) Define the sourcetype you want it to have and the index you want it to go to.
Last but not least, make sure to restart the Splunk UF after all these changes so they can take effect. An outputs.conf is also needed if you don't already have one; make sure it points to the indexer.
More details can be found here:
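
The steps in the answer above, written out as an added configuration example (not part of the original post and not the missing link target). The file path, host name, sourcetype, index, output group name, indexer address and port 9997 are all constructed placeholders, and reading step (1) as the `host` setting is an assumption.

```ini
# ---- inputs.conf on the Universal Forwarder ----
# (2) Full path of the file to monitor (placeholder path)
[monitor:///var/log/example/app.log]
disabled = false
# (1) Host value stamped on every event from this input (placeholder)
host = uf-host-01
# (3) Sourcetype and destination index (placeholders);
#     the index must already exist on the indexer
sourcetype = example:app
index = example_index

# ---- outputs.conf on the Universal Forwarder ----
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# Indexer receiving address (placeholder host; the port is an assumption
# and must match the receiving port enabled on the indexer)
server = indexer.example.com:9997
```

The account the forwarder runs as needs read permission on the monitored file, and neither file takes effect until the forwarder is restarted.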