Getting Data In

The Splunk receiver is not receiving the data from the universal forwarder.

sanjibdhar
Engager

Hi, I have installed both Splunk Enterprise and the universal forwarder. I have added a receiver from the Splunk Web interface and configured the forwarder to send data, but the receiver is not receiving the data. Then I manually edited inputs.conf for receiving the data, but it is still not receiving. It is showing the following exception in the splunkd log:
ERROR TcpInputProc - Received unexpected 825371952 byte message (Invalid payload_size=825371952 received while in parseState=1)! from src=127.0.0.1:61811

The configuration is as follows:

Receiver: inputs.conf

[default]
host = admin-PC

[monitor://$SPLUNK_HOME\etc\splunk.version]
disabled = true

[monitor://$SPLUNK_HOME\var\log\splunk]
disabled = true

[batch://$SPLUNK_HOME\var\spool\splunk]
disabled = true

[batch://$SPLUNK_HOME\var\spool\splunk...stash_new]
disabled = true

[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = true

[splunktcp://9002]
disabled=false

Forwarder: inputs.conf

[default]
host = admin-PC

[monitor://D:\seachange\log\datagateway.log]
index = main
disabled = false

Forwarder: outputs.conf

[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = localhost:9002
sendCookedData = false

[tcpout-server://localhost:9002]

Now when I delete the receiver and configure a TCP input from the Add Data section in the web interface, it starts receiving data, but it also receives data from the Application/System log. How is all this happening? I want only the receiver to collect data, and the data should be only from the log I specified in inputs.conf on the forwarder. FYI, I am working on a Windows 7 system.

I will highly appreciate anyone's help. Please point out where I am wrong.


Heff
Splunk Employee

Your outputs.conf on the forwarder seems to be sending to itself as "localhost"?

My forwarder looks like this; my indexer is .103
OUTPUTS:
[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = 192.168.1.103:9997

[tcpout-server://192.168.1.103:9997]

I also suspect that you enabled the Windows-TA when you installed the forwarder; those .conf files are inside
C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\etc\apps\. That is why you are getting Windows data but not your datagateway log.
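
An added triage example for the TcpInputProc error quoted in the question (not part of the thread, and not Splunk's own tooling): it extracts payload_size from splunkd.log lines and checks whether the value is really four printable ASCII characters misread as a length. Printable text there suggests plain, uncooked data reached a splunktcp port, which is consistent with sendCookedData = false in the forwarder's outputs.conf shown in the question. Assumptions: the receiver reads a big-endian 32-bit length prefix, and every sample log line other than the one quoted in the question is constructed.

```python
import re
import struct

# Constructed sample: line 1 is the error quoted in the question; the
# other two lines are made up for illustration.
SAMPLE_LOG = """\
ERROR TcpInputProc - Received unexpected 825371952 byte message (Invalid payload_size=825371952 received while in parseState=1)! from src=127.0.0.1:61811
INFO  TcpInputProc - Connection in cooked mode from src=127.0.0.1:61900
ERROR TcpInputProc - Received unexpected 1195725856 byte message (Invalid payload_size=1195725856 received while in parseState=1)! from src=10.0.0.7:40112
"""

ERROR_RE = re.compile(
    r"TcpInputProc - Received unexpected \d+ byte message "
    r"\(Invalid payload_size=(?P<size>\d+) received while in "
    r"parseState=(?P<state>\d+)\)! from src=(?P<ip>[\d.]+):(?P<port>\d+)"
)


def decode_size(size):
    """Return the value's four bytes as text if all are printable ASCII.

    Assumption: the receiver read a big-endian 32-bit length prefix.
    Returns None when the bytes are not printable (or size is out of range).
    """
    if not 0 <= size <= 0xFFFFFFFF:
        return None
    raw = struct.pack(">I", size)
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def triage(log_text):
    """Collect one finding per 'Invalid payload_size' error line."""
    findings = []
    for line in log_text.splitlines():
        m = ERROR_RE.search(line)
        if m is None:
            continue
        size = int(m.group("size"))
        text = decode_size(size)  # 825371952 -> "12-0"
        findings.append({"src": m.group("ip"), "port": int(m.group("port")),
                         "payload_size": size, "ascii": text,
                         "looks_like_plain_text": text is not None})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```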
