Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Help needed in splunk setup

kranthi
New Member
‎07-28-2010 04:59 PM

Hello ,

We have splunk 3.4.6 installed on one of our servers locally, on that server it was configured so that it gets logs from tomcat server instances set on that box.

We also have another tomcat server on another box and we would like to get logs of tomcat instances of the second box onto first box splunk .

What I should do to get this done.One might suggest to install splunk on second box and tell it to act as forwarder .But the first box is not configured to accept forwarded messages from another server.

Any suggestion would be of help .

-Thanks,

Kranthi

0 Karma
Reply

Voltaire
Communicator
‎07-28-2010 11:45 PM

Enable box one to receive data from light forwarders. (Splunk Manager, Forwarding and receiving,Receive data, click new, Listen on this port, Choose a TCP IP port to have box one listen on (9999). Go to box (2) configure forwarding. (Splunk Manager, Forwarding and receiving, Configure forwarding, Forward data » Add New, configure Host(s) Input ip address:TCPIP port you created for box one (9999) ) Next choose which data you would like to have box 2 send to box 1. Manager, Data inputs, choose the data you would like forwarded to box 1. Once you have decided which data, Go back to manager.then Forwarding and receiving,
then Enable light forwarding. (CAUTION: This will immediately turn off Splunk Web. Once you restart Splunk tht is.)

For more details check out the admin manual (page 90) and other related pages

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...