Monitoring via forwarder problem

aleksandarrrc
Explorer

Hello, I am new to Splunk, and I have a task that I have been trying to solve for 7 days already, still without success. The goal was to install the Windows app and monitor, from my laptop, logs from both my PC and my colleague's PC. We've been through all the docs about forwarders, editing inputs and outputs, installing as an administrator user, but still didn't manage to collect logs from the remote machine. We also read all the questions and analyzed the answers, which helped a lot with understanding how things work, but the main goal still wasn't there.

We know that there are like thousands of the same questions here, but we really have no more ideas about what to do and in which direction to go.

So we installed Splunk on my friend's PC as a domain user, and installed Splunk Forwarder on my PC as the local system user. In the receiver window I entered his IP address and port 9997, which is stated in inputs.conf on my PC. We also tried manually editing inputs.conf on both Splunk and the forwarder, but still no solution.

Is it possible to go once again step-by-step with some experienced Splunk user, and go through all possibilities, so we could finally start monitoring and indexing? It is really essential to start as soon as possible.
We will provide you with any configuration information if needed.
Thank you in advance.


aleksandarrrc
Explorer

The problem is solved. We had to define the SSL certificate in outputs.conf. Thanks anyway.
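The mismatch behind that fix can be checked offline. The following is an added example, not part of the original thread or Splunk's own tooling: it compares a receiver's inputs.conf with a forwarder's outputs.conf and reports when one side expects SSL and the other does not. It assumes the receiver listened with a `splunktcp-ssl` stanza (the thread shows neither file), and the sample configs and the address are constructed.

```python
import configparser

# Constructed sample configs, not taken from the thread; 192.0.2.10 is a documentation address.
RECEIVER_INPUTS = """
[splunktcp-ssl:9997]
disabled = 0
[SSL]
serverCert = $SPLUNK_HOME/etc/auth/server.pem
"""
FORWARDER_PLAIN = """
[tcpout]
defaultGroup = primary
[tcpout:primary]
server = 192.0.2.10:9997
"""
FORWARDER_SSL = FORWARDER_PLAIN + "clientCert = $SPLUNK_HOME/etc/auth/server.pem\n"

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case (configparser lowercases by default)
    cp.read_string(text)
    return cp

def receiver_ports(inputs_text):
    """Return {port: True if the stanza is splunktcp-ssl, False if plain splunktcp}."""
    ports = {}
    for name in _parse(inputs_text).sections():
        kind, port = name.split(":")[0], name.rpartition(":")[2]
        if kind in ("splunktcp", "splunktcp-ssl") and port.isdigit():
            ports[int(port)] = (kind == "splunktcp-ssl")
    return ports

def find_mismatches(inputs_text, outputs_text):
    """List (group, target, problem) where forwarder and receiver disagree on SSL."""
    ports, out, problems = receiver_ports(inputs_text), _parse(outputs_text), []
    cert_keys = ("clientCert", "sslCertPath")  # sslCertPath is the older name
    global_cert = out.has_section("tcpout") and any(k in out["tcpout"] for k in cert_keys)
    for name in out.sections():
        if not name.startswith("tcpout:"):
            continue
        uses_ssl = global_cert or any(k in out[name] for k in cert_keys)
        for target in out[name].get("server", "").split(","):
            port = target.strip().rpartition(":")[2]
            if port.isdigit() and int(port) in ports and ports[int(port)] != uses_ssl:
                problems.append((name, target.strip(),
                    "receiver expects SSL, forwarder sends plain" if ports[int(port)]
                    else "forwarder sends SSL, receiver port is plain"))
    return problems

if __name__ == "__main__":
    print(find_mismatches(RECEIVER_INPUTS, FORWARDER_PLAIN))
    print(find_mismatches(RECEIVER_INPUTS, FORWARDER_SSL))
```

The check only looks at certificate settings in `[tcpout]` and `[tcpout:<group>]` stanzas; per-server stanzas and certificate validity are out of scope.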

MarioM
Motivator

To collect event logs and WMI perf metrics (used by the Windows app) you need to be logged in as local administrator on the forwarder machine, or the user needs to be in the local administrator group. Then you need to install the splunk-for-windows-technology-add-on.
