Solved: Splunk Configuration

mailmetoramu · ‎04-02-2018

Hi All,

Have installed Universal forwarder in my VM linux machine & Splunk Enterprise in my Windows laptop.

Configured universal forwarder indexer IP : Windows Laptop IP :9997 in the outputs.conf.

Please let me know the further configuration i need to do so that i can get the VM linux machines logs into my windows laptop splunk enterprise GUI.

Thanks,

Ramu.R

adonio · ‎04-02-2018

hello there,

did you enable inputs on 9997 on your laptop? (inputs.conf)
do you have a connection between VM and laptop?
do you have a defined index for linux data that matches your inputs.conf on VM?
look at this link and follow the guidlines.
http://docs.splunk.com/Documentation/Splunk/7.0.3/Troubleshooting/Cantfinddata

we are here to help

adonio · ‎04-02-2018

hello there,

did you enable inputs on 9997 on your laptop? (inputs.conf)
do you have a connection between VM and laptop?
do you have a defined index for linux data that matches your inputs.conf on VM?
look at this link and follow the guidlines.
http://docs.splunk.com/Documentation/Splunk/7.0.3/Troubleshooting/Cantfinddata

we are here to help

Splunk Configuration