Splunk Enterprise

When Splunk is installed on a CentOS machine to capture syslog messages, in which path will these syslogs be stored?

thirumal_tr
New Member

When Splunk is installed on a CentOS machine to capture syslog messages, in which path will these syslogs be stored?

0 Karma

thirumal_tr
New Member

here is the output:
[root@Linux-LDNS splunk]# pwd
/opt/splunk/var/lib/splunk
[root@Linux-LDNS splunk]# ls
audit defaultdb history.dat _internaldb kvstore summary.dat _telemetry.dat
_audit.dat fishbucket historydb _introspection main.dat summarydb _thefishbucket.dat
authDb hashDb _internal.dat _introspection.dat persistentstorage _telemetry
[root@Linux-LDNS splunk]#

0 Karma

thirumal_tr
New Member

Hi,

Thanks for the reply.

But I didn't see any log file here under $SPLUNK_HOME/var/lib/splunk/[Index_Name].

What's the value of index_name here?

Can you please provide the exact path of the log files?

Thanks

0 Karma

aakwah
Builder

Hello,

Splunk will read logs from the /var/log/ directory, then insert the logs into the Splunk index at this location: $SPLUNK_HOME/var/lib/splunk/[Index_Name].

Hope this answers your question.

Regards

0 Karma
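
Added example (not part of the thread and not Splunk's own code): the directory an index is written to comes from its `homePath` setting in `indexes.conf`, and in the stock configuration the `main` index maps to the `defaultdb` directory visible in the listing above. The script resolves index names to directories from a constructed sample file; `syslog_lab` is a hypothetical index name and the function names are this example's own.

```shell
# Added example: map index names to their hot/warm bucket directories by
# reading homePath from an indexes.conf-style file (sample is constructed).

SPLUNK_DB_DEFAULT=/opt/splunk/var/lib/splunk   # directory from the thread's pwd output

# write_sample_conf FILE: constructed sample in indexes.conf syntax.
write_sample_conf() {
cat > "$1" <<'EOF'
# constructed sample, not taken from the poster's system
[default]
maxTotalDataSizeMB = 500000

[main]
homePath = $SPLUNK_DB/defaultdb/db

[_internal]
homePath = $SPLUNK_DB/_internaldb/db

[_audit]
homePath = $SPLUNK_DB/audit/db

[syslog_lab]
homePath   = $SPLUNK_DB/syslog_lab/db
EOF
}

# index_home_paths FILE [SPLUNK_DB]: print "index<TAB>resolved homePath".
index_home_paths() {
    awk -v db="${2:-$SPLUNK_DB_DEFAULT}" '
        /^[ \t]*(#|$)/ { next }                     # comments, blank lines
        /^[ \t]*\[/ {                               # stanza header = index name
            name = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", name); next
        }
        /^[ \t]*homePath[ \t]*=/ {
            path = $0
            sub(/^[^=]*=[ \t]*/, "", path)          # keep the value only
            sub(/[ \t]+$/, "", path)
            gsub(/\$SPLUNK_DB/, db, path)           # expand the variable
            printf "%s\t%s\n", name, path
        }
    ' "$1"
}

# home_path_of FILE INDEX [SPLUNK_DB]: resolved homePath of one index.
home_path_of() {
    index_home_paths "$1" "$3" | awk -F '\t' -v i="$2" '$1 == i { print $2 }'
}

conf=$(mktemp); write_sample_conf "$conf"; index_home_paths "$conf"; rm -f "$conf"
```

On a live host, `splunk btool indexes list` prints the merged `indexes.conf` settings, including the `homePath` actually in effect for each index.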