Have installed universal forwarders on my Linux machines & configured as below:
Step 1: ./splunk add forward-server :
Step 2 : ./splunk set deploy-poll :
Step 3 : ./splunk add monitor /var/log ( Configured data inputs on the forwarder )
Step 4 : Restarted Splunk.
But after all these steps it's still showing errors like below
Error no 1 : "Forwarder not configured" please configure outputs.conf
Error no 2 : "Forwarder not active".
Please do let me know the correct configurations.
Thanks in advance ..!!
Apart from the above steps you mentioned, before that please let me know whether after installing forwarders I need to configure outputs.conf or inputs.conf apart from Deployment server.conf & forwarder.conf
For self-service deployments, if you follow the steps in http://docs.splunk.com/Documentation/SplunkCloud/7.0.0/User/ForwardDataToSplunkCloudFromLinux using Splunk Web (the Splunk user interface), you should be successful in configuring your universal forwarder and making a connection to your Splunk Cloud instance. Be sure to follow closely Steps 3, 4, and 5, and you should only have to configure the deployment server as noted in the instructions.
After following these steps, you should see your forwarder, and you should be able to configure data inputs.
You should not have to configure the outputs.conf, inputs.conf or forwarder.conf separately from the instructions listed in the link above to make a connection to your forwarder. The configuration instructions for outputs.conf and inputs.conf are for a Splunk Enterprise instance, not Splunk Cloud. This might be confusing in the Forwarding Data guide.
Please let me know if you are successful. If you continue to have issues, or you have a managed Splunk Cloud deployment, I can put you in touch with someone else that might be able to further help troubleshoot this issue.
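An added example, not part of the thread and not Splunk's own tooling: a small check for the first error message above, listing which outputs.conf files under a forwarder's etc/ directory actually define a tcpout forwarding target. The function names and the sample tree (including the host name) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Splunk's tooling): list tcpout forwarding targets
# defined in outputs.conf files under a forwarder's etc/ directory.
# `splunk btool outputs list --debug` remains the authoritative merged view.

# Print "file: target" for every target found in one outputs.conf.
tcpout_targets() {
    awk -v f="$1" '
        /^[ \t]*#/ { next }                             # comment line
        /^[ \t]*\[/ {                                   # stanza header
            in_tcpout = ($0 ~ /^[ \t]*\[tcpout(:|\])/)
            if ($0 ~ /^[ \t]*\[tcpout-server:\/\//) {
                t = $0
                sub(/^[ \t]*\[tcpout-server:\/\//, "", t); sub(/\].*$/, "", t)
                print f ": " t
            }
            next
        }
        in_tcpout && /^[ \t]*server[ \t]*=/ {           # server = host:port[,...]
            t = $0
            sub(/^[ \t]*server[ \t]*=[ \t]*/, "", t); sub(/[ \t\r]+$/, "", t)
            if (t != "") print f ": " t
        }
    ' "$1"
}

# Scan system/local and every app; return 0 only if a target was found.
forwarder_targets() {
    rc=1
    for conf in "$1"/etc/system/local/outputs.conf \
                "$1"/etc/apps/*/local/outputs.conf \
                "$1"/etc/apps/*/default/outputs.conf; do
        [ -f "$conf" ] || continue
        out=$(tcpout_targets "$conf")
        if [ -n "$out" ]; then printf '%s\n' "$out"; rc=0; fi
    done
    return $rc
}

# Constructed sample tree standing in for $SPLUNK_HOME (hypothetical host name).
demo=$(mktemp -d)
mkdir -p "$demo/etc/system/local"
printf '[tcpout]\ndefaultGroup = primary\n\n[tcpout:primary]\nserver = indexer.example.com:9997\n' \
    > "$demo/etc/system/local/outputs.conf"
forwarder_targets "$demo" || echo "no forwarding target configured"
```

On a real forwarder, call `forwarder_targets` with the installation directory instead of the sample tree; an empty result means no app or local configuration supplies a forwarding target.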