Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is there nothing in inputs.conf after Universal Forwarder install, and selecting all the options

neiljpeterson
Communicator
‎12-05-2013 10:41 AM

I am just trying to do a quick proof of concept / demo of Spunk.

I installed the Universal Forwarder, and selected all the inputs in the GUI installer, plus selected a directory of log files. After the install my inputs.conf is empty. I could manually add these, but why is the installer not writing my selections to the file? Or am I missing something?

I am running the x64 version in on Windows Server 2008

This is all my inputs.conf has

[default]
host = DEV-WEBDEV1

[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

neiljpeterson
Communicator
‎12-05-2013 10:49 AM

Ok I actually found the correct file.

It was located in 

C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\local

Is this somewhere in the documentation and I missed it?

Why is there multiple 

\etc\local

folders and multiple input.conf s?

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

neiljpeterson
Communicator
‎12-05-2013 10:49 AM

Ok I actually found the correct file.

It was located in 

C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\local

Is this somewhere in the documentation and I missed it?

Why is there multiple 

\etc\local

folders and multiple input.conf s?

0 Karma
Reply
Solved! Jump to solution

lukejadamec
Super Champion
‎12-05-2013 10:44 AM

On a Windows box you will find the install created inputs in the splunk\etc\apps\MSICreated\local folder.

0 Karma
Reply
Solved! Jump to solution

neiljpeterson
Communicator
‎12-05-2013 10:47 AM

On the host I am forwarding from? I don't see that dir on the host

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...