Getting Data In
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to configure inputs.conf and outputs.conf for full Splunk instance and a universal forwarder?

Raghav2384
Motivator
‎08-18-2014 04:11 PM

Hello Experts,

I have two laptops A & B both on same network. I have Installed Splunk free version on Laptop A and installed Universal Forwarder on Laptop B. I have tried to write something in inputs.conf on Laptop A assuming that data would flow in magically. Do i need to write something on Laptop B's inputs.conf or Outputs.conf?
I want to start here first and explore all the other features one by one. I tried to look for something in the Q&A but didn't match any. Any help is much appreciated.

Thanks,
Raghav

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

strive
Influencer
‎08-18-2014 04:25 PM

Basically you have installed Splunk Enterprise trial version on laptop A and Splunk universal forwarder on laptop B.

You want to send data from laptop B to laptop A?

You need to configure inputs.conf and outputs.conf both on laptop B. inputs.conf for monitoring and outputs.conf to say where to send data to.

Depending on your parsing requirements, you need to configure props.conf and transforms.conf on your laptop A.

Check these links to understand how to get data in

http://docs.splunk.com/Documentation/Splunk/6.1.3/Data/Configureyourinputs
http://wiki.splunk.com/Community:Getting_data_into_Splunk

The data pipeline details are present in this link http://docs.splunk.com/Documentation/Splunk/6.1.3/Deploy/Datapipeline

View solution in original post

Reply
Solved! Jump to solution
Solution

strive
Influencer
‎08-18-2014 04:25 PM

Basically you have installed Splunk Enterprise trial version on laptop A and Splunk universal forwarder on laptop B.

You want to send data from laptop B to laptop A?

You need to configure inputs.conf and outputs.conf both on laptop B. inputs.conf for monitoring and outputs.conf to say where to send data to.

Depending on your parsing requirements, you need to configure props.conf and transforms.conf on your laptop A.

Check these links to understand how to get data in

http://docs.splunk.com/Documentation/Splunk/6.1.3/Data/Configureyourinputs
http://wiki.splunk.com/Community:Getting_data_into_Splunk

The data pipeline details are present in this link http://docs.splunk.com/Documentation/Splunk/6.1.3/Deploy/Datapipeline

Reply
Solved! Jump to solution

Raghav2384
Motivator
‎08-18-2014 06:26 PM

strive - Thank you for the info 🙂
I just realized that 9997 was assigned to Laptop C long time ago :)...all set now.Thank you!

@ppablo_splunk- Thank you for the links....I really appreciate you guys! cheers!

0 Karma
Reply
Solved! Jump to solution

ppablo
Retired
‎08-18-2014 04:32 PM

Some additional useful documentation to help understand the process (keep in mind the cluster information on this page isn't relevant to what you're trying to do so just ignore that)
http://docs.splunk.com/Documentation/Splunk/6.1.3/Forwarding/Setupforwardingandreceiving

0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
Top