My question is, how can I modify this command line so that it only logs certain things? I don't want to roll this out across my enterprise and then be bombarded by logs because it's capturing too much. For example, can I log errors only?
If I find a configuration I like, how will I modify this configuration for all clients that have Splunk installed across the enterprise?
Thanks for the reply. I'll take a look at deployment services. I guess my real question is, since Splunk just monitors certain log files for changes and then forwards the changes to a central store (that's my understanding), is it even possible to modify the forwarder so that it only forwards errors?