We have a requirement to detect various application logs from multiple Windows boxes. The current data collection process is too manual, going to specific teams and finding the location of application logs, etc. I wanted to test out the "full scan and learn" approach.
So my plan is:
- Collect any location of logs (e.g. `*.log`, `*.logs`) on the C drive, D drive, etc.
- By getting a hint of the logs, do a 2nd iteration to collect specific logs
1. Has anyone tried this approach?
2. How to just get the "filenames" recursively in Windows using a Splunk Universal Forwarder?
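One way to do the first "full scan" pass, as an added example that is not part of the original post: a PowerShell script that walks every fixed local drive, lists only the names (not contents) of files matching the log patterns, and emits key=value lines plus a per-directory summary that a Splunk Universal Forwarder can pick up as a scripted input. The exclusion list, depth cap and field names are assumptions to adjust for your environment.

```powershell
# Added example (not from the original post): enumerate candidate application log
# files on every fixed local drive and emit one key=value line per file, plus one
# summary line per directory so the "hint" pass can see where logs cluster.
param(
    [string[]]$Patterns = @('*.log', '*.logs'),
    [int]$MaxDepth = 8   # assumed cap so a huge tree cannot run for hours
)

# Assumed noise/system locations to skip; extend with your own paths.
$Exclude = @('\Windows\', '\$Recycle.Bin\', '\System Volume Information\', '\Program Files\Splunk')

# DriveType 3 = local fixed disk (skips removable, network and CD drives).
$drives = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' |
    ForEach-Object { $_.DeviceID + '\' }

$now  = Get-Date -Format 'yyyy-MM-ddTHH:mm:ssK'
$host_name = $env:COMPUTERNAME
$found = @()

foreach ($root in $drives) {
    # -Force includes hidden files; SilentlyContinue skips ACL-protected dirs
    # the forwarder's service account cannot read instead of aborting the scan.
    $found += Get-ChildItem -Path $root -Include $Patterns -File -Recurse -Depth $MaxDepth `
                            -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $p = $_.FullName
            -not ($Exclude | Where-Object { $p -like "*$_*" })
        }
}

# One line per file: only metadata, never file contents, so nothing sensitive is indexed.
foreach ($f in $found) {
    '{0} host="{1}" event=logfile path="{2}" size_bytes={3} mtime="{4}"' -f `
        $now, $host_name, $f.FullName, $f.Length, $f.LastWriteTime.ToString('o')
}

# One line per directory: count and newest write time, the "hint" for the second pass.
$found | Group-Object DirectoryName | ForEach-Object {
    $newest = ($_.Group | Measure-Object LastWriteTime -Maximum).Maximum
    '{0} host="{1}" event=logdir dir="{2}" files={3} newest_mtime="{4}"' -f `
        $now, $host_name, $_.Name, $_.Count, $newest.ToString('o')
}
```

Run it on a schedule from the forwarder with an `inputs.conf` `[script://...]` stanza (interval in seconds) and search the `event=logdir` lines first; directories with many files and a recent `newest_mtime` are the ones worth onboarding with a normal `[monitor://...]` input in the second iteration.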