I already installed the universal forwarder on a Windows system. What I would like to do is get the data into another Windows system from the forwarder, but I can't figure this out, so please help me.
I have set the forwarder and receiver to listen on port 9997.
I configured like this on my receiver machine:
inputs.conf file
[default]
host = TRAINING12
[splunktcp://9997]
connection_host=ip
deployementclient.conf
[deployment-client]
[target-broker:deploymentServer]
targetUri= deploymentserver.splunk.satishnagalla:9997
serverclass.conf
[serverClass:satishnagalla:app:_server_app_rakesh]
restartSplunkWeb = 0
restartSplunkd = 0
stateOnClient = enabled
[serverClass:satishnagalla]
whitelist.0 = *
[serverClass:satishnagalla:app:_server_app_satishnagalla]
I configured like this in my forwarder machine:
output.conf file:
[tcpout]
defaultGroup=receiver
indexAndForward=true
[tcpout:receiver]
disabled = false
server=VEDICINDIA-PC:9996,TRAINING12:9997
[tcpout-server://TRAINING12:9997]
inputs.conf file:
[default]
host = satishnagalla
[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0
i got the answer from somebody else which is related to your question. It may use full for you check it once.
https://answers.splunk.com/answers/352888/how-to-configure-the-splunk-universal-forwarder-an.html
Is your outputs.conf
pointing to your indexer?