Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk - Adding stanza in input.conf file

rajiv_r
Explorer
‎01-07-2020 03:26 AM

i am using Splunk enterprise trial version and trying to push the windows logs to Splunk from the customize location . I gave the path location of my file which i want to push in /etc/system/local folder inside input.conf file and restarted the splunk server but still i could not able to see the file in splunk.
I have followed the below documents to add the stanza in the input.conf file
https://docs.splunk.com/Documentation/Splunk/8.0.1/Data/Monitorfilesanddirectorieswithinputs.conf

Can anyone please guide me in this as how to push the file ti splunk from a customize location
Note- I made the changes in the input.conf file inside splunk universal forwarder directory as i dont have $splunk_home file directory

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-07-2020 04:00 AM

Please post the inputs.conf settings for the logs and the search you are using to try to find the data.

Every Splunk instance has a $SPLUNK_HOME directory. It's the file system location where Splunk is installed. On Windows systems with a UF installed, it's often C:\Program Files\SplunkUniversalForwarder. $SPLUNK_HOME is Linux notation for a shell variable.

---
If this reply helps you, Karma would be appreciated.
Reply

rajiv_r
Explorer
‎01-07-2020 04:22 AM

again a lot of thanks for your answer i got it fixed..Actually document was saying to restart the server but actually we need to restart the forwarder only. And when i did it it started working

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-07-2020 05:10 AM

Please submit feedback (not a comment) on the documentation so Splunk can clarify what should be restarted.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...