Solved: Re: Splunk Forwarder config on same sys as Splunk ...

jd3lite · ‎08-20-2020

How, and what files specifically, do I configure to get data into Splunk enterprise from the localhost? I thought it would be as simple as modifying inputs.conf that I created (shown below), but that didn't change anything. Thoughts?

\Splunk\etc\apps\SplunkForwarder\local\inputs.conf

similar to the inputs.conf file on my system with Universal Forwarder:

'\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf

Setup:
Sys1: Windows 10, Splunk Enterprise
Sys2: Windows 10, Universal Forwarder

Logs from Sys2 are in Splunk Enterprise, but I can't see anything from Sys1.

Thanks!

jd3lite · ‎08-20-2020

Solved it, silly me. For those wondering and I hope this helps someone else. I simply didn't look around close enough.

Under Splunk Enterprise ->> Settings ->> Data Inputs ->> Local event log collection (Collect event logs from this machine.)

Just needed to open my eyes. Thanks!

View solution in original post

jd3lite · ‎08-20-2020

Solved it, silly me. For those wondering and I hope this helps someone else. I simply didn't look around close enough.

Under Splunk Enterprise ->> Settings ->> Data Inputs ->> Local event log collection (Collect event logs from this machine.)

Just needed to open my eyes. Thanks!

How to configure universal forwarder on same sys as Splunk Enterprise?

universal forwarder

Windows

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Join the Conversation