Having some trouble configuring windows to collect data from a Windows forwarder(UF). I have a heavy forwarder configured with token where I also have SplunkTAstream installed.
On the search head I have both TAstream and the actual stream app.
On the Windows forwarder, I have pushed out the TAstream app with inputs.conf pointing towards the search head. I have also made sure the FW openings have been made so that not an issue.
However can't seem to get a connection to the Windows server. I have it configured on a Linux host which works fine.
Read something about WinPcap. I found the docs a bit confusing here though. Something I need to manually install?
Does anyone have other tips or "good to know" knowledge when it comes to stream and windows forwarder?
Perhaps to get some help I need to specify more info. Let me know in that case!