How to configure a Splunk universal forwarder and ...

Umesh_Vedicsoft · ‎02-01-2016

Can you please help me in detail with configuring the Splunk universal forwarder and receiver on Windows? I would like to get the data from a forwarder to another Windows system (receiver).

renjith_nair · ‎02-01-2016

Sure. just follow the below documentation

http://docs.splunk.com/Documentation/Splunk/6.3.0/Forwarding/DeployaWindowsdfmanually
http://docs.splunk.com/Documentation/Splunk/6.3.0/Installation/InstallonWindows

Even there is a video : http://www.splunk.com/view/SP-CAAAGXB

Once you installed configure your inputs.conf to forward the data

http://docs.splunk.com/Documentation/Splunk/6.1/Data/Monitorwindowsdata

Sample conf

[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
index=<your index>

Configure your outputs.conf
http://docs.splunk.com/Documentation/Splunk/6.1.3/Forwarding/Configureforwarderswithoutputs.confd

[tcpout:<target_group>]
server=<receiving_server1>, <receiving_server2>, ...
<attribute1> = <val1>
<attribute2> = <val2>

Configure your receiver. http://docs.splunk.com/Documentation/Splunk/6.1/Forwarding/Enableareceiver

Sample inputs.conf

[splunktcp://9997]
disabled = 0

---
What goes around comes around. If it helps, hit it with Karma 🙂

How to configure a Splunk universal forwarder and receiver on Windows?

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

Are you a member of the Splunk Community?

How to configure a Splunk universal forwarder and receiver on Windows?

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...