Solved: Universal forwarder - configuration

verifi81 · ‎11-22-2020

Hello,

On a Universal Forwarder can someone tell me where the config is that tells the universal forwarder where to send the logs?

I need this for Windows and Linux.

Thank you

verifi81 · ‎11-22-2020

I found it.

It's under $SPLUNK_HOME/etc/apps/search/local/

The file is outputs.conf

View solution in original post

vikramyadav · ‎11-22-2020

I'm not sure which log file you are interested in so you can use btool to check outputs.conf

For Linux and Linux

$Splunk_Home/splunk btool outputs list --debug

-------------------------------------

If this help your like will be appreciated 🙂

verifi81 · ‎11-22-2020

appreciate the quick response, but that video and blog did not tell me which file to view those settings at. My universal forwarders are already forwarding to an index and I'm simply trying to find which file I can CAT to view the indexer.

vikramyadav · ‎11-22-2020

Hi @verifi81

You can check out this video

https://www.splunk.com/en_us/resources/videos/splunk-education-getting-data-in-with-forwarders.html

And blog too

https://geek-university.com/splunk/configure-a-splunk-forwarder-on-linux/

-------------------------------------

If this help your like will be appreciated 🙂

verifi81 · ‎11-22-2020

I found it.

It's under $SPLUNK_HOME/etc/apps/search/local/

The file is outputs.conf

Universal forwarder - configuration

configuration

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Preparing your Splunk Environment for OpenSSL3

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector