I am having trouble getting the IIS logs and Message Tracking logs to show up Splunk. I am able getting some Exchange information such as mailbox counts, database statistics and items such as that.
We don't have our logs in the default locations and I have found the files that need to be update, I think.
For the Message Tracking logs, I believe that I need to update the file:
so that the monitor stanza reads:
which is the location of our Message Tracking logs. My question is, do I just update this file or do I need to copy the stanza and insert it into a local file someplace such as:
I am experiencing the same thing with my IIS logs. Do I just update the:
file in that location or do I need to copy that to another location as well?
I will admit that I am new to Splunk and I don't find the documentation to be overly clear as to what to do so any guidance that can be provided would be greatly appreciated.
... View more