Hi Splunkers,
After performing your Best Practice of assigning the index to the admin and user roles, I (newbie) am still not get the application logs (as TXT files) into the tmsxe index. I
I am on Windows Server 2008 R2, using the 64-bit Splunk Universal Forwarder to Splunk Enterprise 6.4.1. The Forwarder has the Splunk Add-on for Windows.
The inputs.conf is
[default]
host = FMSTMSXE02
[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0
[monitor://C:\\ProgramData\\Cisco\\TMSXE\\Logs\]
disabled = false
index = tmsxe
The files are txt, but are recursive. I probably can write RegEx with the Whitelist key.
The files come in the Default index. I can search\report, but I want to index.
I attached a PNG.
Thank you so much for helping me.
↧