Installed universal forwarder in windows. Checked the splunkd log and I could see the connection to server without any error as below. tried checking with firewall and ports.But still index doesnt log any events.
TcpOutputProc - Connected to idx=xxxx:9997.
Below are my conf file.
host = xxxxx
disabled = false
sourcetype = hievents
index = hiindex
defaultGroup = default-autolb-group
server = xxxx:9997
Please check for monitor syntax: [monitor://]
here are some typical troubleshooting tips:
Last but not least do the usual troubleshooting around Splunk, is everything doing what it should do and so on.
hope this helps ...