
How to configure a Splunk universal forwarder and receiver on Windows?

Path Finder

Can you please help me in detail with configuring the Splunk universal forwarder and receiver on Windows? I would like to get the data from a forwarder to another Windows system (receiver).

Re: How to configure a Splunk universal forwarder and receiver on Windows?

SplunkTrust

Sure, just follow the documentation below:

http://docs.splunk.com/Documentation/Splunk/6.3.0/Forwarding/DeployaWindowsdfmanually
http://docs.splunk.com/Documentation/Splunk/6.3.0/Installation/InstallonWindows

There is even a video: http://www.splunk.com/view/SP-CAAAGXB

Once you have installed it, configure your inputs.conf to forward the data

http://docs.splunk.com/Documentation/Splunk/6.1/Data/Monitorwindowsdata

Sample conf

[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
index=<your index>

Configure your outputs.conf
http://docs.splunk.com/Documentation/Splunk/6.1.3/Forwarding/Configureforwarderswithoutputs.confd

[tcpout:<target_group>]
server=<receiving_server1>, <receiving_server2>, ...
<attribute1> = <val1>
<attribute2> = <val2>

Configure your receiver. http://docs.splunk.com/Documentation/Splunk/6.1/Forwarding/Enableareceiver

Sample inputs.conf

[splunktcp://9997]
disabled = 0
0 Karma
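Added example, not part of the answer above or of Splunk's documentation: a Python check that the forwarder's inputs.conf and outputs.conf and the receiver's inputs.conf from this thread agree with each other, catching a `server=` entry without a port, a port the receiver does not listen on, and template placeholders left unfilled. The function names, hostnames, group name and sample file contents are constructed for illustration.

```python
import configparser
import re

def parse_conf(text):
    """Parse Splunk .conf text (INI-like stanzas) into a ConfigParser."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    return cp

def check_forwarding(fwd_inputs, fwd_outputs, rcv_inputs):
    """Return a list of problems that would stop events reaching the receiver."""
    problems = []
    inputs, outputs, receiver = map(parse_conf, (fwd_inputs, fwd_outputs, rcv_inputs))
    # Ports the receiver listens on: enabled [splunktcp://<port>] stanzas.
    listening = set()
    for name in receiver.sections():
        m = re.fullmatch(r"splunktcp://(?:.*:)?(\d+)", name)
        if m and receiver[name].get("disabled", "0").strip().lower() in ("0", "false"):
            listening.add(int(m.group(1)))
    if not listening:
        problems.append("receiver: no enabled [splunktcp://<port>] stanza")
    # Every server= entry in a tcpout group needs host:port on a listening port.
    groups = [s for s in outputs.sections() if s.startswith("tcpout:")]
    if not groups:
        problems.append("outputs.conf: no [tcpout:<target_group>] stanza")
    for group in groups:
        servers = [s.strip() for s in outputs[group].get("server", "").split(",") if s.strip()]
        if not servers:
            problems.append(f"{group}: no server= setting")
        for entry in servers:
            host, _, port = entry.rpartition(":")
            if not host or not port.isdigit():
                problems.append(f"{group}: '{entry}' is not host:port")
            elif listening and int(port) not in listening:
                problems.append(f"{group}: '{entry}' port not opened on receiver")
    # Template placeholders such as <your index> must be filled in before use.
    for label, conf in (("inputs.conf", inputs), ("outputs.conf", outputs)):
        for section in conf.sections():
            for key, value in conf[section].items():
                if re.search(r"<[^>]+>", section + key + value):
                    problems.append(f"{label} [{section}]: placeholder left in '{key}'")
    return problems

# Constructed sample files (hostnames, group name and values are made up).
FWD_INPUTS = "[WinEventLog://Security]\ndisabled = 0\nindex = <your index>\n"
FWD_OUTPUTS = "[tcpout:primary]\nserver = receiver01.example.test, receiver02.example.test:9998\n"
RCV_INPUTS = "[splunktcp://9997]\ndisabled = 0\n"

if __name__ == "__main__":
    print("\n".join(check_forwarding(FWD_INPUTS, FWD_OUTPUTS, RCV_INPUTS)))
```

An empty list means the three files are consistent; it does not prove that a firewall between the two Windows hosts allows the receiving port.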