Hi All, I am new to splunk. Just doing a POC. So i have a splunk enterprise trial application which i am using for indexing and searching. On same machine I have a universal forwarder. I am trying to forward the logs from UF to Inderxer. When i am giving path to my syslog or splunk logs i can see logs in inderxer. Below is the input.conf - [monitor:C:\Program Files\Splunk\var\log\splunk] disabled = 0 But when i change it to some other folder for logs like - [monitor:C:\test\testlogs] disabled = 0 Its not forwarding any logs. I do have files in this location, those files are logs but not running logs. Also Do i need to change only "etc\system\local" or "etc\apps\SplunkUniversalForwarder\local" also
... View more
