Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Monitoring via forwader problem

aleksandarrrc
Explorer
‎09-17-2012 03:31 AM

Hello, i am new to Splunk, and i have a task that i am trying to solve for already 7 days, and still without success. The goal was to install Windows app, and monitor from my laptop both logs from mine and colleague's pc. We've been trough all the docs about forwarders, editing inputs and outputs, installing as administrator user, but still didnt manage to collect logs from remote machine. Also we read all questions, and analyzed the answers, which helped a lot with understandings of how things work, but main goal still wasn't there.

We know that there are like thousands of same questions here, but we really have no more ideas what to do, and in which direction to go.

So we installed Splunk on my friend's PC as domain user, and installed Splunk Forwarder on my PC as local system user. In reciever window i entered his ip adres and port 9997, which stated in inputs.conf on my pc. We also try editting manually inputs.conf both on Splunk and forwarder, but still no solution.

Is it possible to go once again step-by-step with some experienced splunk user, and go through all possibilities, so we could finally start monitoring and indexing, because it is really essential to start as soon as possible.
We will provide you with any information with configuring if needed.
Thank you in advance.

Tags (1)
0 Karma
Reply

aleksandarrrc
Explorer
‎09-18-2012 02:02 AM

The problem is solved. We had to define SSL certificate in outputs.conf, tnx anyway.

Reply

MarioM
Motivator
‎09-17-2012 11:21 AM

to collect eventlogs and wmi perf metrics (used by the windows app) you need to be loggedin as local administrator on the forwarder machine or the user needs to be in the local administrator group then you need to install the splunk-for-windows-technology-add-on

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...