Hi..
I was used to using splunk as a single instance in my laptop. I am new to forwarders and indexes. I have log data in the form of csv files available(with headers) . Assuming data is in /abc/data_files and splunk forwarder files are in /abc/splunkforwarder/etc/system/local.
In the local I only find these files
deploymentclient.conf, inputs.conf, outputs.conf, README, server.conf.
When I opened inputs.conf and outputs.conf I found them to be empty.
How do I make the forwarder to pick the files from the location and start loading the data.
How do I create a new index so that I can handle the data better.
Why is there no props.conf file? Dont I need it? Why are the other files empty?
I do not know if I am even in the right direction in wanting to make changes in the forwarder. I am really lost. Please consider me to be a beginner. Please let me step by step or point me to a document to figure out how to do this?
... View more