I am trying to forward only CPU/Memory load log to the indexer. Here is what I've done so far:

1. Installed indexer(just an instance of splunk) to the server (host)
2. Added 9997 under Settings > Receiving and forwarding > receiving configuration
3. Installed splunkforwarder to my local machine
4. Added hostname(server's hostname):9997 under Settings > Receiving and forwarding > forwarding configuration
5. Installed apps for *nix to both of machines

Here's my question:

1. How can I check the forwarder actually sends data to indexer?
2. How can I check the indexer actually receives data from forwarder? (I checked /opt/~ … ~/splunk list forward-server at the local machine's cmd, but getting nothing)
3. How can I limit kinds of file (data) forwarded to indexer (in order to send only CPU/Memory load)?

I will appreciate if someone gives me step by step instruction to configure settings:

+)
I am seeing the error message says like the following from forwarder's web UI

! Tcp outout pipeline blocked. Attempt '18600'to insert data failed
! skipped indexing of internal audit even will keep dropping events until indexer congestion is remedied.

Are theses related to the connection between indexer and forwarder?