Getting Data In

How to extract logs from windows servers that can not communicate with the indexer?

Path Finder

Good Morning,

I have two servers in the dmz that can not communicate with the indexer.

How can I get the data from those two servers? They are windows servers. I can install a Universal Forwarder and point to my SplunkuniversalForwarder (Centos7) DMZ to Centos can comunicate.

How shuold I configure it?

Windows Server(UF) -> Centos7(SplunkUF) -> Centos7(Indexer)

0 Karma

Motivator

Hey @christianubeda,

Yes you can set up an intermediate forwarder to send the data across.
Please refer this doc:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Forwarding/Configureanintermediateforwarder

Let me know if this helps!!

0 Karma