The Forwarder/Indexer relationship can be considered platform agnostic (within the sphere of supported platforms) because they exchange their data handshake (and the data, if you wish) over TCP.
Configure the indexer to listen on a port (TCP 9997 by default)
Configure the forwarder to output data to you indexer:listeningPort
(See Configure forwarder with outputs.conf)
Be sure that you have edited the respective firewalls to allow communication on those ports.
configure inputs.conf on the forwarder to monitor data or ports etc... using standard "Getting Data In" practices.
The forwarder will send a heartbeat to the indexer over an interval. As long as the indexer answers back... the forwarder will send data in 64k chunks to your indexer.
Check THIS out for step by step.
The Forwarder/Indexer relationship can be considered platform agnostic (within the sphere of supported platforms) because they exchange their data handshake (and the data, if you wish) over TCP.
Configure the indexer to listen on a port (TCP 9997 by default)
Configure the forwarder to output data to you indexer:listeningPort
(See Configure forwarder with outputs.conf)
Be sure that you have edited the respective firewalls to allow communication on those ports.
configure inputs.conf on the forwarder to monitor data or ports etc... using standard "Getting Data In" practices.
The forwarder will send a heartbeat to the indexer over an interval. As long as the indexer answers back... the forwarder will send data in 64k chunks to your indexer.
Check THIS out for step by step.