All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to configure Splunk Stream on Windows?

z270p
New Member
‎03-27-2018 02:29 PM

Hi!

Having some trouble configuring windows to collect data from a Windows forwarder(UF). I have a heavy forwarder configured with token where I also have Splunk_TA_stream installed.
On the search head I have both TA_stream and the actual stream app.
On the Windows forwarder, I have pushed out the TA_stream app with inputs.conf pointing towards the search head. I have also made sure the FW openings have been made so that not an issue.

However can't seem to get a connection to the Windows server. I have it configured on a Linux host which works fine.

Read something about WinPcap. I found the docs a bit confusing here though. Something I need to manually install?

Does anyone have other tips or "good to know" knowledge when it comes to stream and windows forwarder?

Perhaps to get some help I need to specify more info. Let me know in that case!

Thanks!

0 Karma
Reply

z270p
New Member
‎03-27-2018 03:16 PM

log4cplus.appender.streamfwdlog.File=./streamfwd.log

0 Karma
Reply

z270p
New Member
‎03-27-2018 03:03 PM

No streamfwd.log seems to have been created I just noticed. On the Windows client-server that is.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...