Hi
I see that the Forwarded inputs type File & Directories is monitor only and does not collect logs to Splunk Enterprise.
How do I store logs with the Forwarded inputs type File & Directories?
Thank you
You are asking basic questions. You should start with Splunk education; this will give you an overview.
Please have a look at the following links:
Free Splunk Fundamentals 1 https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html
Free Splunk Educational videos https://www.splunk.com/en_us/training/videos/all-videos.html
Learn how to use Splunk https://www.splunk.com/en_us/view/SP-CAAAG2R
Splunk Architecture Overview (e-learning) https://www.splunk.com/view/SP-CAAAHSJ
Download Splunk Enterprise for free and start exploring it https://www.splunk.com/en_us/download.html
Free trials and download https://www.splunk.com/en_us/download.html
Forwarded inputs means data coming from a Universal Forwarder or Heavy Forwarder to the Indexer.
If so, then we can save data on that machine only, i.e. the Indexer.
How do I store raw logs from the Universal Forwarder to Splunk Enterprise?
What file stores that log?
Indexes in Splunk are stored in $SPLUNK_HOME/splunk/var/lib/splunk
You should have a look at this:
https://docs.splunk.com/Documentation/Splunk/7.2.3/Indexer/HowSplunkstoresindexes