All,
I have a successfully deployed app based on the Splunk documentation on how to create a "send_to_indexer" app. The client is checking in, but I'm unable to figure out how I can modify the client.
What I'm looking for is this. I manually installed the UF on the server and selected the Security logs. I'm getting those with no issues. Now I want to select the System logs, and I was wanting to do this by modifying the app and configuring the UF, but I'm unable to find any documentation on doing it this way - maybe the deployment server isn't used for this?
Is there a way to modify what logs you're collecting from the deployment server, and the index that the deployment servers send to without having to manually update all servers?