I need to watch log files for certain error strings only. Ideally this would be done on the machine that contains the file to be monitored, so I am assuming that each machine that contains monitored files would need to be configured as a forwarder, but this is where I begin to get lost. I am a newbie to splunk so please forgive my novice question. Can anyone tell me what files need to be altered on the forwarder to filter and forward the strings? I do have this configured so that everytime the log file is altered it updates the reciever.
... View more