Hey Rich,
Thanks for your answer. I think I figured it out. All I'm trying to do is get Splunk to monitor local files (/var/log/syslog) on the local machine. That local machine is our syslog server that is receiving logs from the network. Hope that makes sense. In the past we had Splunk set up as its own VM and was getting the logs forwarded from the log server. Now they're both on the same physical hardware. I was just making it more complicated in my head I think. Thanks again.