Hi
I am going to use splunk to index remote files using a universal forwarder. Is there a way to be able to tell from which data was indexed from which remote file? I have tried to index some files but did not get this information. In general i would like to index all files that are put in a directory, and not add files to monitor one by one
Any help is much appreciated
By default the source
field should be the filename, what source
does your data have?
ok found what it was, i had set the input as TCP from Data inputs instead of configuring a receiver in Forwarding and receiving. Once I put the configuration in Forwarding and receiving I started getting the file name as the source
the source field is tcp: