We have splunk 3.4.6 installed on one of our servers locally, on that server it was configured so that it gets logs from tomcat server instances set on that box.
We also have another tomcat server on another box and we would like to get logs of tomcat instances of the second box onto first box splunk .
What I should do to get this done.One might suggest to install splunk on second box and tell it to act as forwarder .But the first box is not configured to accept forwarded messages from another server.
Enable box one to receive data from light forwarders. (Splunk Manager, Forwarding and receiving,Receive data, click new, Listen on this port, Choose a TCP IP port to have box one listen on (9999).
Go to box (2) configure forwarding. (Splunk Manager, Forwarding and receiving, Configure forwarding, Forward data » Add New, configure Host(s) Input ip address:TCPIP port you created for box one (9999) )
Next choose which data you would like to have box 2 send to box 1.
Manager, Data inputs, choose the data you would like forwarded to box 1.
Once you have decided which data, Go back to manager.then Forwarding and receiving,
then Enable light forwarding. (CAUTION: This will immediately turn off Splunk Web. Once you restart Splunk tht is.)
For more details check out the admin manual (page 90) and other related pages