I want to monitor a file on MachineA. I configured a universal forwarder on this machine, to send to MachineB. On MachineB, I can see MachineA in the forwarder connections using Deployment Monitor. However, I am at a loss on how to actually see what data is being sent.
The universal forwarder was configured with the following commands:
./splunk monitor /tmp/splunktest/test_current (test_current is the file I wish to monitor)
What do I need to do on MachineB to actually see the data? I tried "Add data" but can't figure out which option to choose.
Thanks!
... View more