Getting Data In

How to configure universal forwarder on same sys as Splunk Enterprise?

jd3lite
Engager

How, and what files specifically, do I configure to get data into Splunk enterprise from the localhost? I thought it would be as simple as modifying inputs.conf that I created (shown below), but that didn't change anything. Thoughts?

\Splunk\etc\apps\SplunkForwarder\local\inputs.conf

similar to the inputs.conf file on my system with Universal Forwarder:

'\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf

Setup:
Sys1: Windows 10, Splunk Enterprise
Sys2: Windows 10, Universal Forwarder 

Logs from Sys2 are in Splunk Enterprise, but I can't see anything from Sys1.

Thanks!

Labels (2)
0 Karma
1 Solution

jd3lite
Engager

Solved it, silly me. For those wondering and I hope this helps someone else. I simply didn't look around close enough.

Under Splunk Enterprise ->> Settings ->> Data Inputs ->> Local event log collection (Collect event logs from this machine.)

Just needed to open my eyes. Thanks!

View solution in original post

0 Karma

jd3lite
Engager

Solved it, silly me. For those wondering and I hope this helps someone else. I simply didn't look around close enough.

Under Splunk Enterprise ->> Settings ->> Data Inputs ->> Local event log collection (Collect event logs from this machine.)

Just needed to open my eyes. Thanks!

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...