All, I am relatively new to Splunk and trying to understand some basics along the way.
From the Splunk online info, I see the "Example of static host value assignment" ...
This example covers any events coming in from /var/log/httpd
[monitor:///var/log/httpd] host = webhead-1
Why are there 3 slashes? I understand that the first slash in /var needs to be escaped, but why the 2nd slash?
Sorry for the simple question, but it keeps bugging me.
My conclusion thus far is that 2 of the slashes are simply the format required for inputs.conf and the 3rd slash is to indicate the path is starting at root for the absolute address path