Hi,
I currently installed splunk on linux machine and I wanted to monitor the logs on the same machine. Should I use the universal forwarder, to monitor the logs on the same machine to get the best performance.
Best to use the Splunk install you have on that server rather than put a forwarder. The splunk install has the forwarder built in and you can follow the UI to set up your file monitoring for that server.