Hi,
I'm evaluating Splunk for the first time. I installed a forwarder on a Windows server and I configured the inputs.conf (/etc/system/local) like this:
[default]
host = name1
[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0
[monitor://C:\Program Files (x86)\FileZilla Server\Logs\]
host = name1
index=FTP_logs_2
source="C:\Program Files (x86)\FileZilla Server\Logs\"
disabled = 0
whitelist=.log$
#ignoreOlderThan = 7d
#blacklist=C:\logs\onelog.log
The goal is to monitor FileZilla logs.
Index has been created on indexer.
When I try to search the data by typing name1 in the Splunk search bar, I get no data. name1 is also not on the host tab under the Data Summary button. I first need to search the index in order to see data, and then search with a random word to find what I want.
Can anyone help me?
Thanks,
By default, Splunk will only search the main index. You can add extra default indexes to different roles from Settings > Access controls > Roles: select the appropriate role and, in the section "Indexes searched by default", add the index FTP_logs_2.
However, the search manual states that for efficient searches you should be more specific; adding indexes in this way will search through more data.
Dave
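The same role setting expressed in authorize.conf on the search head, as an added example that is not part of the original posts. The role name `ftp_analyst` is hypothetical; the index name is the one from the question.

```ini
# $SPLUNK_HOME/etc/system/local/authorize.conf (search head)
# Role name "ftp_analyst" is a hypothetical placeholder.
[role_ftp_analyst]
# Inherit the capabilities of the built-in "user" role.
importRoles = user
# Indexes the role is permitted to search at all (semicolon-separated).
# An index missing from this list returns nothing, even when named explicitly.
srchIndexesAllowed = main;FTP_logs_2
# Indexes searched when the query names no index. A bare search such as
# "name1" only looks here, which is why the host was not found while
# only "main" was listed.
srchIndexesDefault = main;FTP_logs_2
# Independent of the default list, a search that names the index stays
# narrow and works for any role allowed to read it:
#   index=FTP_logs_2 host=name1
```

Keeping `srchIndexesAllowed` limited to the indexes a role actually needs restricts who can read the FTP logs, while `srchIndexesDefault` only changes what an unqualified search covers.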