All, I am relatively new to Splunk and trying to understand some basics along the way.
https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/Setadefaulthostforaninput
From the Splunk online info, I see the "Example of static host value assignment" ...
This example covers any events coming in from /var/log/httpd
[monitor:///var/log/httpd]
host = webhead-1
Why are there 3 slashes? I understand that the first slash in /var needs to be escaped, but why the 2nd slash?
Sorry for the simple question, but it keeps bugging me.
See:
https://docs.splunk.com/Documentation/Splunk/latest/admin/Inputsconf#MONITOR:
[monitor://<path>]
My conclusion thus far is that 2 of the slashes are simply the format required for inputs.conf and the 3rd slash is to indicate the path is starting at root for the absolute address path.
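The split between the `monitor://` prefix and the path, as an added example that is not part of the original posts and is not Splunk's own parser. The sample file, the function names, and treating Windows drive paths as absolute are assumptions made here; it lists monitor stanzas whose path is not absolute so they can be reviewed before relying on them for log collection.

```python
import ntpath
import posixpath
import re

# Stanza header format quoted in the thread: [monitor://<path>]
STANZA_RE = re.compile(r"^\[(?P<scheme>[A-Za-z]+)://(?P<path>[^\]]*)\]\s*$")

# Constructed sample inputs.conf, not taken from a real deployment.
SAMPLE_CONF = r"""
[monitor:///var/log/httpd]
host = webhead-1

[monitor://var/log/secure]
host = webhead-1

[monitor://C:\inetpub\logs]
host = webhead-2
"""


def parse_monitor_stanzas(conf_text):
    """Parse monitor stanzas; Windows drive paths count as absolute (assumption)."""
    stanzas, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = STANZA_RE.match(line)
        if m:
            current = None
            if m.group("scheme") == "monitor":
                path = m.group("path")  # everything after the two format slashes
                current = {
                    "path": path,
                    "absolute": posixpath.isabs(path) or ntpath.isabs(path),
                    "settings": {},
                }
                stanzas.append(current)
        elif line.startswith("["):
            current = None  # a stanza of some other type
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current["settings"][key.strip()] = value.strip()
    return stanzas


def non_absolute_paths(conf_text):
    """Return monitor paths that lack a leading root (e.g. a missing third slash)."""
    return [s["path"] for s in parse_monitor_stanzas(conf_text) if not s["absolute"]]
```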