Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Forwarder configuration to forward os data

mkashif
Explorer
‎06-03-2011 12:49 AM

Hello,

How can I install and configure a forwarder at my windows machine to transfer OS data (cpu load, memory etc) to my splunk indexer (running at a solaris machine).

I want windows machine data to be displayed in my NIX app at my indexer.

Guide me about what configurations would i have to make for this. Also about would i need a universal forwarder for this or a light forwarder?

Regards,

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mw
Splunk Employee
Splunk Employee
‎06-05-2011 09:05 AM

You'll have to configure your indexer to receive data. Install the Windows Universal Forwarder and set it to forward to the indexer (you should be prompted to do this during the install, but here's the doc: http://www.splunk.com/base/Documentation/4.2.1/Deploy/Configureforwarderswithoutputs.confd ). During the install you can also enable Perfmon inputs, but I believe there's a bug right now in the installer where the Perfmon inputs won't actually be created, so I think you'll have to do it by hand -- http://www.splunk.com/base/Documentation/latest/Admin/Perfmonconf .

However, the Windows data won't show in the nix app. You'll want to install the Windows app on the search head.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

mkashif
Explorer
‎06-05-2011 11:54 PM

Thank you for your answer dear,

I have installed the forwarder at windows machine and my perfmon data is being shown in my indexer when i perform a search by ip address.

The problem i am getting was that the data is not being shown in nix app which u have answered that windows data is not supported in nix app.

I have deployed another forwarder at a Solaris machine but its data is also not being shown in NIX. As I understand it might be the problem in configuration.

What I did is just installed the universal forwarder at machine and have configured the port in its output.conf file. The data of this machine is also being shown when i perform a search by ip however the host is not being listed under host list in NIX app. Do i have to make any further configurations in it ?

Regards,

0 Karma
Reply
Solved! Jump to solution

mw
Splunk Employee
Splunk Employee
‎06-06-2011 05:06 AM

Did you configure any inputs on the Solaris machine? If not, you can deploy the full Unix app to the Solaris machine, and enabling the inputs. (i.e. copy the desired stanza headers from default/inputs.conf to local/inputs.conf and setting disabled = false)

0 Karma
Reply
Solved! Jump to solution
Solution

mw
Splunk Employee
Splunk Employee
‎06-05-2011 09:05 AM

You'll have to configure your indexer to receive data. Install the Windows Universal Forwarder and set it to forward to the indexer (you should be prompted to do this during the install, but here's the doc: http://www.splunk.com/base/Documentation/4.2.1/Deploy/Configureforwarderswithoutputs.confd ). During the install you can also enable Perfmon inputs, but I believe there's a bug right now in the installer where the Perfmon inputs won't actually be created, so I think you'll have to do it by hand -- http://www.splunk.com/base/Documentation/latest/Admin/Perfmonconf .

However, the Windows data won't show in the nix app. You'll want to install the Windows app on the search head.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...