How do I setup a Universal Forwarder on a CentOS DHCP server to forward all DHCP messages written to the /var/log/messages file to my Splunk server so they can be indexed and queried?
Thanks in advance!
Take a look at this: http://docs.splunk.com/Documentation/Splunk/6.0.3/Forwarding/Deployanixdfmanually
View solution in original post
Thanks for the pointing me in the right direction.