Solved: How to configure universal forwarder on Linux to s...

vnguyen46 · ‎02-20-2020

Hi,
I installed and configured UF on a Linux server to send syslog to Splunk HF. I am now trying to send an application log also on the same server, say it's in /opt/application/applog.log, to the HF. What I need to modify on the UF .conf file(s) ?

Thanks.

manjunathmeti · ‎02-20-2020

If universal forwarder is already connecting to heavy forwarder then you can just add a MONITOR input to forward applog.log in inputs.conf on UF.

[monitor:///opt/application/applog.log]
disabled = false
index = <index_name>
sourcetype = <sourcetype_name>
crcSalt =

View solution in original post

manjunathmeti · ‎02-20-2020

If universal forwarder is already connecting to heavy forwarder then you can just add a MONITOR input to forward applog.log in inputs.conf on UF.

[monitor:///opt/application/applog.log]
disabled = false
index = <index_name>
sourcetype = <sourcetype_name>
crcSalt =

vnguyen46 · ‎02-21-2020

Thank you.

manjunathmeti · ‎02-21-2020

you are welcome 🙂

How to configure universal forwarder on Linux to send a log file to Splunk heavy forwarder?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life