Monitoring via forwarder problem


Hello, I am new to Splunk, and I have a task that I have been trying to solve for 7 days already, still without success. The goal was to install the Windows app and monitor, from my laptop, logs from both my PC and my colleague's PC. We've been through all the docs about forwarders, editing inputs and outputs, and installing as an administrator user, but still didn't manage to collect logs from the remote machine. We also read all the questions and analyzed the answers, which helped a lot with understanding how things work, but the main goal still wasn't reached.

We know that there are like thousands of the same questions here, but we really have no more ideas about what to do or which direction to go in.

So we installed Splunk on my friend's PC as a domain user, and installed the Splunk Forwarder on my PC as the local system user. In the receiver window I entered his IP address and port 9997, which is stated in inputs.conf on my PC. We also tried manually editing inputs.conf on both Splunk and the forwarder, but still no solution.

Is it possible to go through this once again step by step with some experienced Splunk user, covering all the possibilities, so we can finally start monitoring and indexing? It is really essential to start as soon as possible.
We will provide any configuration information if needed.
Thank you in advance.

0 Karma


The problem is solved. We had to define the SSL certificate in outputs.conf. Thanks anyway.
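
The fix reported above (defining the SSL certificate in outputs.conf) is consistent with a receiver that listens with SSL while the forwarder sends plaintext. As an added example, not code from this thread or from Splunk, the Python check below compares a receiver's inputs.conf with a forwarder's outputs.conf and reports that kind of mismatch. The sample configs, the 192.0.2.10 address and the certificate path are constructed; it assumes `[splunktcp:<port>]` / `[splunktcp-ssl:<port>]` receiver stanzas and that `clientCert` (or the legacy `sslCertPath`) is what switches TLS on when `useSSL` is left at its `legacy` default.

```python
import configparser

# Constructed sample configs (not from the thread); address and .pem path are placeholders.
RECEIVER_INPUTS = """
[splunktcp-ssl:9997]
disabled = 0
"""
FORWARDER_PLAIN = """
[tcpout:primary]
server = 192.0.2.10:9997
"""
FORWARDER_TLS = FORWARDER_PLAIN + "clientCert = $SPLUNK_HOME/etc/auth/mycerts/forwarder.pem\n"

def parse(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep setting names case-sensitive
    cp.read_string(text)
    return cp

def receiver_ports(inputs_text):
    """Return {port: is_tls} for [splunktcp:<port>] and [splunktcp-ssl:<port>] stanzas."""
    ports = {}
    for stanza in parse(inputs_text).sections():
        kind, _, port = stanza.partition(":")
        if kind in ("splunktcp", "splunktcp-ssl") and port.isdigit():
            ports[int(port)] = kind == "splunktcp-ssl"
    return ports

def forwarder_targets(outputs_text):
    """Return [(host, port, uses_tls)] per server; [tcpout] settings are inherited by groups."""
    cp, targets = parse(outputs_text), []
    inherited = dict(cp["tcpout"]) if cp.has_section("tcpout") else {}
    for stanza in (s for s in cp.sections() if s.startswith("tcpout:")):
        conf = {**inherited, **cp[stanza]}
        mode = conf.get("useSSL", "legacy").lower()
        has_cert = bool({"clientCert", "sslCertPath"} & conf.keys())
        uses_tls = mode == "true" or (mode == "legacy" and has_cert)
        for server in conf.get("server", "").split(","):
            host, _, port = server.strip().rpartition(":")
            if host and port.isdigit():
                targets.append((host, int(port), uses_tls))
    return targets

def find_mismatches(inputs_text, outputs_text):
    listening, problems = receiver_ports(inputs_text), []
    for host, port, uses_tls in forwarder_targets(outputs_text):
        if port not in listening:
            problems.append(f"{host}:{port}: no splunktcp listener on receiver")
        elif listening[port] != uses_tls:
            problems.append(f"{host}:{port}: forwarder TLS={uses_tls}, receiver TLS={listening[port]}")
    return problems
```

Run `find_mismatches()` on the real file contents from both machines; an empty list means the port and the plaintext/TLS mode line up, not that the certificates themselves validate.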


To collect event logs and WMI perf metrics (used by the Windows app), you need to be logged in as local administrator on the forwarder machine, or the user needs to be in the local administrator group. Then you need to install the splunk-for-windows-technology-add-on.

0 Karma