I need to know what are the security measures that is should take if i want to introduce universal forwarder on a production environment to forward data to splunk instance on another machine.
You may want to encrypt the log traffic with proper SSL-keys, and not the ones that come by default.
Change the splunk password from 'changeme' into something else.
You might consider Forwarder Acknoledgement, to ensure that data gets written to index.
View solution in original post
Also, if possible, change the user that Splunk runs as:
Its worth adding that if you install Splunk via the rpm on linux it will handle this for you