Splunk Enterprise

How to store logs on Splunk Enterprise Server with Forwarded inputs (File & Directories)

mindterrian
New Member

Hi

I see that the Forwarded inputs type File & Directories is monitor only and does not collect logs to Splunk Enterprise.
How do I store logs with the Forwarded inputs type File & Directories?

Thank you

0 Karma

dkeck
Influencer

You are asking basic questions; you should start with Splunk education, which will give you an overview.

Please have a look at the following links:

Free Splunk Fundamentals 1 https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html
Free Splunk Educational videos https://www.splunk.com/en_us/training/videos/all-videos.html
Learn how to use Splunk https://www.splunk.com/en_us/view/SP-CAAAG2R
Splunk Architecture Overview (e-learning) https://www.splunk.com/view/SP-CAAAHSJ
Download Splunk Enterprise for free and start exploring it https://www.splunk.com/en_us/download.html
Free trials and download https://www.splunk.com/en_us/download.html

0 Karma

vishaltaneja070
Motivator

Forwarded inputs means data coming from a Universal Forwarder or Heavy Forwarder to the Indexer.

If so, then we can save data on that machine only, i.e. the Indexer.

0 Karma

mindterrian
New Member

How do I store raw logs from a Universal Forwarder to Splunk Enterprise?

0 Karma

mindterrian
New Member

What file stores that log?

0 Karma

dkeck
Influencer

Indexes in Splunk are stored in $SPLUNK_HOME/splunk/var/lib/splunk

You should have a look at this:

https://docs.splunk.com/Documentation/Splunk/7.2.3/Indexer/HowSplunkstoresindexes

0 Karma
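
The data path discussed in this thread, written out as the configuration files involved (an added example, not part of any post above): the forwarder only monitors and ships the file, and the indexer receives it and writes it to an index. The host name `idx01.example.com`, port `9997`, index `os_logs`, sourcetype `linux_secure`, the monitored path and the use of `etc/system/local` are assumptions for illustration.

```ini
# --- Universal forwarder: $SPLUNK_HOME/etc/system/local/inputs.conf ---
# Monitor a file. The forwarder reads and ships it; it keeps no index itself.
[monitor:///var/log/secure]
index = os_logs
sourcetype = linux_secure
disabled = false

# --- Universal forwarder: $SPLUNK_HOME/etc/system/local/outputs.conf ---
# Where the monitored data is sent (assumed indexer host and port).
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = idx01.example.com:9997
# Keep data queued until the indexer acknowledges it, so events are not
# silently lost if the connection drops.
useACK = true

# --- Indexer: $SPLUNK_HOME/etc/system/local/inputs.conf ---
# Listen for forwarder traffic on the same port named in outputs.conf.
[splunktcp://9997]
disabled = false

# --- Indexer: $SPLUNK_HOME/etc/system/local/indexes.conf ---
# The index named on the forwarder must exist here, or the events
# have nowhere to be stored.
[os_logs]
homePath   = $SPLUNK_DB/os_logs/db
coldPath   = $SPLUNK_DB/os_logs/colddb
thawedPath = $SPLUNK_DB/os_logs/thaweddb
```

After restarting both instances, a search for `index=os_logs` on the indexer confirms that forwarded events are being stored.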