Hi! I have a local setup where I have Splunk Enterprise, and a single universal forwarder monitoring an arbitrary Documents folder.

The forwarder is set up to send entire files to Splunk with these inputs.conf settings:

[batch://C:\Users\Currentuser\Documents\TestSplunk]
disabled = 0
sourcetype = BugReport
move_policy = sinkhole
index = sandbox

When I place a text file into this TestSplunk directory, it does disappear, showing that the forwarder had picked it up, and disposed of the file as per the move_policy. However, from Splunk Enterprise, I can't seem to see evidence of the file being received.

In the splunkd.log belonging to the forwarder, I don't see any message with regards to the file that it detected/sent/deleted. How would I be able to see information about this kind of thing?