Deployment Architecture
Highlighted

Forward Data to Splunk Server

New Member

Hi, I am new to Splunk and I would like to ask how to send data over from the client PC over to my Splunk server, which is in a VM workStation. (I know it had to use a fowarder, but I just could't get my data to send over, and config, the receiver to using port 9997.(I am capturing tcp packet))

0 Karma
Highlighted

Re: Forward Data to Splunk Server

Legend

Some more information could certainly help - where are you currently getting stuck?

0 Karma
Highlighted

Re: Forward Data to Splunk Server

New Member

I am currently stuck at unable to send data over to my splunk server.

0 Karma
Highlighted

Re: Forward Data to Splunk Server

Communicator

Hey Kai191,
I think Ayn is trying to get some further information on your set up and what troubleshooting you have performed so far. Can you please do the following and provide the answers:
1. can you telnet from the forwarder to indexer on port 9997, eg; telnet 9997
2. Have you set up the /opt/splunkforwarder/etc/system/local/outputs.conf and print out the info
3. Can you please run a netstat to see if ports are listening on the index host, eg; netstat -tnap | grep 9997
4. Are you seeing any errors in the splunkd or metrics logs on the forwarder.

Regards Vince

0 Karma
Highlighted

Re: Forward Data to Splunk Server

New Member

Hi Vince,
1) I am unable to telnet.
2) I had set the file in the required path.
3) I used netstat -a it show 0.0.0.0 9997 is listening (is it correct?)
4) how do i see the splunkd or metric log?
I am just a beginner in splunk, so your patience is much appreciated

Thanks in advance for the help.

0 Karma
Highlighted

Re: Forward Data to Splunk Server

Communicator

Can you use the universal forwarder ?

0 Karma
Highlighted

Re: Forward Data to Splunk Server

New Member

I only installed the splunk forwarder

0 Karma
Highlighted

Re: Forward Data to Splunk Server

Legend

That is likely the same thing.

0 Karma
Highlighted

Re: Forward Data to Splunk Server

Communicator

Hey Kai191, with regard to the logs, if you are on the forwarder and you go to the following location, you will be able to see the log files:
/opt/splunkforwarder/var/log/splunk

Have a look through the splunkd logs...this should let you know if there are any connection issues with the forwarder connecting to the indexer

0 Karma
Highlighted

Re: Forward Data to Splunk Server

New Member

Hi,

I am new to splunk. I used splunk forwarder to forward data to splunk indexer(receiver). Can you please suggest how to check on the receiver that the data sent from the forwarder is indexed.

Thanks,
Neel

0 Karma