Hello Splunkers,
I am forwarding logs from Universal Forwarder, to a Search Peer (Standalone Inderxer) and doing the search from a standalone Search Head. I have done as far from my understanding. **How can I see access.log and secure.log from host www1 -www9.**
Below is the inputs.conf of my UF: (log path:- /opt/logs/www1 - www9)
[default]
host = UF-01-248
[monitor:///opt/log/www*/secure.log]
disabled = 0
host_segment = 5
sourcetype = secure.log
index = main
[monitor:///opt/log/www*/access.log]
disabled = 0
host_segment = 9
sourcetype = access.log
index = web
↧
