Hi,
Will explain briefly once.
I've installed Splunk Enterprise from the Splunk website. I don't have an idea about the components like UF, indexer, search head. How do I find which component is running? I think it is the indexer, which will display log messages.
2. As you suggested to use a Linux server: can both forwarding and indexing be on the same server, or do we need two? If we can install on a single Linux server, please provide any useful link for installation and to add data input.
How do I configure the inputs.conf file to receive logs from the firewall? Will it update logs dynamically?
mail to: jakir.shaik@stltech.in