How to configure a forwarder to regularly pick up ...

sundaresh83 · ‎03-18-2015

I have log and other data in a linux server. I am parsing the data using awk code and converting it into csv files. There is a forwarder installed in another location in the same linux server. How can I get the forwarder to pick the data (csv file) from its location regularly and ingest it into splunk? Is this the best way to do this? Or is there a better way of performing the same?
I have used splunk as a single instance on my laptop for analysis previously. But this is new. It would be great if there is a step by step guide.

miteshvohra · ‎03-18-2015

This is something what I am currently using for working on sample data in CSV format and is working great for the demo setup.

[monitor://<path to csv>/*.csv]
sourcetype = csv
KV_MODE = csv
index = name_your_index
disabled = false
crcSalt = <SOURCE>

Would appreciate your feedback what worked for you.

Regards, Mitesh.

sundaresh83 · ‎03-19-2015

Hi Mitesh,

Thanks for the reply. Should this be in the input? I l test this and surely let you know how it works.

How to configure a forwarder to regularly pick up data from a CSV file on a Linux server?

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...