In case you haven't noticed, this is a really old thread. Your question might not get the visibility you want in this thread. Try starting a new thread describing your problem in the Getting Data In section of this forum. ... View more

This is a great guidance. My follow up question is what stanza I need to add in inputs.conf to send any application logs along with the syslog to a Splunk HF? Thanks, ... View more

Hi Guys, I have two instances on microsoft azure environment one is splunk-server and other is splunk-forwarder(universalForwarder). Everything is fine with configuration ,then I tried to monitor tomcat logs and I have perform below steps on forwarder. /usr/share/splunk_setup/splunkforwarder/bin/splunk add monitor /usr/share/apache-tomcat-7.0.42/logs/catalina.out -index default -sourcetype log4j -hostname splunkforwarder But in search tab of splunk-web I always get No results found. search-query: host=splunkforwarder sourcetype=log4j I checked inputs.conf ,CLI is not writing anything .So now I decided to write manually in these file. Please tell me ,what I need to enter in my forwarders's inputs.conf and outputs.conf? Thanks in advance!! ... View more