Just a quick puppet [login to view URL] which installs the splunk forwarder and monitor a certain log file, and send to a specific index. You may even have one already made….. Like below which doesn’t work:
#
# Nor Server
#
class norwindowsprod {
splunk::monitor { 'nor-prod':
server => '[login to view URL]',
index => 'nor-prod',
logpath => ['C:\Nor\log'],
}
class { '::splunk::forwarder':
package_ensure => 'latest',
}
}