I have a Splunk Lite Cloud license and I have installed Forwarders on all machines. I have forgotten which files and directories I configured them with initially. I need to review and edit the forwarder configuration and the sources it scans, but I do not see a way to do it.
Thanks in advance.
Try running a search
index=_internal source=*/metrics.log group=per_source_thruput | stats values(series) by host
I have more information with respect to making changes to the fowarder configuration.
I found the following inputs.conf file for the server grid-web1:
[monitor:///var/log/nginx] disabled =
false index = weavewebtier
[monitor:///var/log] disabled = false
index = default
If I wanted to add another director or file to scan, would I add to this file and then restart the splunk service on the server?
Suggest you create a new question, but yes, just add something like the following to that inputs.conf file and restart the splunk service
[monitor:///path/to/new/directory/or/file.txt] disabled = false index = default