Hi
I have a question about splunkforwarder, so I hope someone can help me!
First,
I successfully used it to transfer logs, as follows:

/opt/splunkforwarder/etc/system/local/inputs.conf

[default]
host = 10.10.203.1
[monitor:///var/log/httpd/access_log]
disabled = 0
sourcetype = http_access_log

/opt/splunkforwarder/etc/system/local/outputs.conf

[tcpout]
defaultGroup = 10.10.203.7_9997
[tcpout:10.10.203.7_9997]
server = 10.10.203.7:9997
[tcpout-server://10.10.203.7:9997]

But if I want to change to UDP 514, I searched and read the documents, and I can't understand how to do it correctly.
Second,
I read http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/Outputtext , but where do I use the outputtext syntax: in a command or somewhere else?
--
best regards,
cross