Hi
I am using ubuntu OS on AWS and i have five servers. I used full spunk installation on first server and universal forwarder installation on other servers. I enabled receiver port 9997 on first server using spulnk web (http://www.splunk.com/base/Documentation/latest/Deploy/Enableareceiver).How do i forward data to the first server using universal forwarder from rest of the servers? For eg: i want to monitor /var/log/ dirctory on all the servers from main splunk instance. Any simple config examples for input.conf and output.conf?
thanks in advance
... View more