How to configure a Splunk universal forwarder and receiver on Windows?
Can you please help me in detail with configuring the Splunk universal forwarder and receiver on Windows? I would like to get the data from a forwarder to another Windows system (receiver).

Sure. Just follow the documentation below:
http://docs.splunk.com/Documentation/Splunk/6.3.0/Forwarding/DeployaWindowsdfmanually
http://docs.splunk.com/Documentation/Splunk/6.3.0/Installation/InstallonWindows
There is even a video: http://www.splunk.com/view/SP-CAAAGXB
Once you have installed it, configure your inputs.conf to forward the data:
http://docs.splunk.com/Documentation/Splunk/6.1/Data/Monitorwindowsdata
Sample conf
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
index=<your index>
Configure your outputs.conf
http://docs.splunk.com/Documentation/Splunk/6.1.3/Forwarding/Configureforwarderswithoutputs.confd
[tcpout:<target_group>]
server=<receiving_server1>, <receiving_server2>, ...
<attribute1> = <val1>
<attribute2> = <val2>
Configure your receiver. http://docs.splunk.com/Documentation/Splunk/6.1/Forwarding/Enableareceiver
Sample inputs.conf
[splunktcp://9997]
disabled = 0
What goes around comes around. If it helps, hit it with Karma 🙂
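A pre-deployment check for the outputs.conf/inputs.conf pair described in the answer above, as an added example that is not part of the original post or Splunk's own tooling: it confirms every forwarder `server` entry is a real `host:port` and that the receiver has an enabled `splunktcp` input on that port. The function names are hypothetical and the sample addresses are constructed.

```python
import configparser

def load_conf(text):
    """Parse Splunk .conf text (INI-style stanzas) without value interpolation."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep setting names exactly as written
    cp.read_string(text)
    return cp

def enabled(stanza):
    """A stanza is active unless it sets disabled to 1/true."""
    return stanza.get("disabled", "0").strip().lower() not in ("1", "true")

def receiver_ports(inputs_text):
    """Ports opened by enabled [splunktcp://<port>] stanzas on the receiver."""
    cp = load_conf(inputs_text)
    prefix = "splunktcp://"
    return {name[len(prefix):].rsplit(":", 1)[-1] for name in cp.sections()
            if name.startswith(prefix) and enabled(cp[name])}

def check_forwarding(outputs_text, inputs_text):
    """Return a list of problems; an empty list means the two files line up."""
    listening = receiver_ports(inputs_text)
    cp = load_conf(outputs_text)
    groups = [s for s in cp.sections() if s.startswith("tcpout:")]
    problems = [] if groups else ["outputs.conf has no [tcpout:<target_group>] stanza"]
    for group in groups:
        servers = [s.strip() for s in cp[group].get("server", "").split(",") if s.strip()]
        if not servers:
            problems.append(f"[{group}] has no server setting")
        for entry in servers:
            host, _, port = entry.rpartition(":")
            if not host or not port.isdigit():
                # Catches template placeholders left in the file, e.g. <receiving_server1>
                problems.append(f"[{group}] '{entry}' is not host:port")
            elif port not in listening:
                problems.append(f"[{group}] {entry}: no enabled splunktcp input on port {port}")
    return problems

# Constructed sample: forwarder outputs.conf (documentation-range addresses, assumed)
FORWARDER_OUTPUTS = """
[tcpout:primary_indexers]
server = 192.0.2.10:9997, 192.0.2.11:9998
"""
# Receiver inputs.conf as given in the answer
RECEIVER_INPUTS = """
[splunktcp://9997]
disabled = 0
"""

if __name__ == "__main__":
    for problem in check_forwarding(FORWARDER_OUTPUTS, RECEIVER_INPUTS):
        print(problem)
```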
