Deployment Architecture

Splunk Universal Forwarder

heykumaran
New Member

Hello,

I installed my Splunk Universal Forwarder in CentOS Server. and started the client on the server..

i get this message

Checking prerequisites...
Checking mgmt port [8089]: open
Checking conf files for typos... Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)... Done

Then how i setup in the Splunk Server to receive logs?

Help me?

0 Karma

sdaniels
Splunk Employee
Splunk Employee

Here is the link in the docs for setting up receiving on the Splunk server.

http://docs.splunk.com/Documentation/Splunk/5.0.3/Deploy/Enableareceiver

Once you do that you'll want to read this for configuring inputs.conf on the forwarder to begin bringing data into splunk.

http://docs.splunk.com/Documentation/Splunk/5.0.3/Data/Usingforwardingagents

0 Karma

sdaniels
Splunk Employee
Splunk Employee

You aren't going to see it with that admin interface of Splunk. Once you configure something to be monitored and the data gets to the Splunk server you'll start seeing data in the Search app within splunk from that host.

Take a few minutes to read the docs and it'll be very easy.

http://docs.splunk.com/Documentation/Splunk/5.0.3/Data/Editinputs.conf

0 Karma

heykumaran
New Member

Thanks
i did (Set up receiving with Splunk Web) and restarted the Splunk server... but i didn't see the client (CentOS) data on the website?

Helop me?

0 Karma

Ayn
Legend

This is essentially you asking "how does Splunk work"? http://docs.splunk.com/Documentation/Splunk/latest/Data/WhatSplunkcanmonitor

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...