Building for the Splunk Platform

How to configure inputs.confg & outputs.confg for splunk forwarder on windows pls help me out

ChandrashekharB
New Member

How to configure inputs.confg & outputs.confg for splunk forwarder on windows pls help me out

Tags (1)
0 Karma

wagnerbianchi
Splunk Employee
Splunk Employee

As you know, the forwarder is controlled via CLI exclusively as Driany mentioned. Based on that, you will be able to add some stanzas to inputs.conf using command like that one available below:

$ splunk add monitor "C:\logs"

This will write a new stanza in forwarder's inputs.conf and all the configured servers will receive data collect from the files located into "C:\logs" dir.

outputs.conf is used to set up configuration level and groups of indexers which will receive collected data. Give you a chance to read the online manual regarding outputs.conf that is a forwarder's exclusive file: http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Configureforwarderswithoutputs.confd

Cheers, WB

0 Karma

ChandrashekharB
New Member

ok..tnq wagnerbianchi

0 Karma

Drainy
Champion

From the detail of your question, you're probably best starting here;
http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Setupforwardingandreceiving

0 Karma

Drainy
Champion

I've just re-read this entire thread and have no idea where we started or really ended. Glad it helped though!

0 Karma

ChandrashekharB
New Member

Exactly i did not get about CLI any way tnq for your suport..

0 Karma

Drainy
Champion

You don't... the forwarder is controlled via CLI exclusively. Have you actually read the link I've pasted? Please read it, you'll actually learn how it works and how to configure it.

0 Karma

ChandrashekharB
New Member

well it show stoped and started forwarder but how i can open in browser

0 Karma

Drainy
Champion

Well it should still start, can you paste exactly what it prints when you try to do a splunk start on the command line?

0 Karma

ChandrashekharB
New Member

when i was execute cmd in bin directory

splunk restart
spunk setup was coming after clicking yes it will take 1min after that i got message unable to start forwarder
i did not configure anything while i was installing may b that is reason how to overcome that..pls

0 Karma

Drainy
Champion

... your question doesn't even mention this. Could you edit the original question with the real question and what errors you are receiving when starting etc?

0 Karma

ChandrashekharB
New Member

My problem is i unable to run splunk forwader after i was instaling

0 Karma

Drainy
Champion

What do you mean? You need an input to define what is input to the forwarder and you need an output to define what is output to the indexer. If read the link I've pasted above you'll have a good understanding of how they work and how to configure the outputs, the inputs are identical to the indexer configuration so just use what you should have learnt from the main Splunk tutorial to build that.

0 Karma

ChandrashekharB
New Member

what config require input and output files on this location
C..>Program Files..>SplunkUniversalForwarder..>etc..>system..>local

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...