Currently, during the installation of splunk forwarder, at one place it takes input of the directory path or file path of the log file to be indexed. Suppose my log files are in 2 different directories. How can I use both of them for indexing?
Thanks.
Are you asking how you'd set up your splunk forwarder to monitor multiple files that happen to exist in different directories on the same server? In inputs.conf you would just have two entries like this:
[monitor://C:\somedirectory\anotherone\test.log]
index = myindex
sourcetype = mysourcetype
[monitor://C:\mydirectory\somethingelse\file.log]
index = myindex
sourcetype = mysourcetype
If you do this through the Splunk UI it will create that inputs.con file for you in
http://docs.splunk.com/Documentation/Splunk/latest/Data/Configureyourinputs
Thanks. I dont have this entry for the file I am currently indexing, then also I can read it.