Hi @BoscoBaracus, as I said, you can do it, and it is surely easier than the conf file, but it isn't a best practice, because you must configure it manually; using a conf file managed by the DS instead, you have centralized management.

About configuration on a Windows UF: you cannot use the GUI because the UF doesn't have a GUI, so you must configure inputs using the conf files or a CLI command.

In addition, using Splunk network inputs, when you restart Splunk for maintenance or something else, you lose syslogs; using rsyslog instead, which is a standard Linux component (you don't need to install it!), you can receive logs even when Splunk is down.

So, based on Splunk best practices, I suggest using rsyslog, but you're free to use a different solution.

Ciao.
Giuseppe
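A sketch of the setup recommended above, added here as an example and not taken from the post or from Splunk's documentation: rsyslog receives syslog and writes it to files, and a Universal Forwarder on the same Linux host monitors those files through an `inputs.conf` pushed by the Deployment Server. The file paths, the app name `syslog_inputs` and the index name `network` are assumptions.

```conf
# --- /etc/rsyslog.d/10-remote.conf (assumed file name) ---
# Listen for syslog on UDP and TCP 514.
module(load="imudp")
module(load="imtcp")

# One directory per sender. The path uses the sender's IP address
# (fromhost-ip), not the hostname inside the message, because the
# message hostname is chosen by the sender and would otherwise
# end up in a file path.
template(name="PerSenderFile" type="string"
         string="/var/log/remote/%fromhost-ip%/syslog.log")

# Remote messages go only to the per-sender files, not to local logs.
ruleset(name="remote") {
    action(type="omfile" dynaFile="PerSenderFile"
           fileCreateMode="0640" dirCreateMode="0750")
}

input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="514" ruleset="remote")

# --- On the Deployment Server (assumed app name) ---
# $SPLUNK_HOME/etc/deployment-apps/syslog_inputs/local/inputs.conf
# The UF reads the files rsyslog wrote, so events received while
# Splunk was down are picked up once it is running again.
[monitor:///var/log/remote/*/syslog.log]
sourcetype = syslog
# Assumed index name; it must already exist on the indexers.
index = network
# 4th path segment (/var/log/remote/<ip>/...) becomes the host field.
host_segment = 4
disabled = false
```

The account running the forwarder needs read access to `/var/log/remote`, and the files need a rotation policy (for example logrotate) so the disk does not fill.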