Installation

While Installing Splunk forwarder in windows, what IP address should be used for receiving indexer?

sg17
Explorer

while Installing Splunk forwarder in windows, what IP address should be used for receiving indexer?

Is it my Windows IP address?

The browser for Splunk in showing localhost address 127.0.0.1

 

Labels (2)
Tags (2)
0 Karma
1 Solution

vikramyadav
Contributor

You don't have to use any IP by default it will take your IP address. Yes, it will be your laptop IP address.

--------------------------------------

If this helps your like will be appreciated😊 

View solution in original post

nwuest
Path Finder

Hi @sg17,

A receiving indexer is a Splunk Enterprise instance that is set up as an Indexer to receive logs from other Splunk instances (Splunk Universal Forwarder / Heavy Forwarder / Splunk Enterprise)

A Splunk Universal Forwarder only has the essential components to forward data to other Splunk platform instances (Splunk Heavy Forwarder / Splunk Enterprise)

 

Are you installing a Splunk Universal Forwarder at home or at work?

  1. If you are at home, you can install/configure a Splunk Enterprise instance as an indexer to receive logs from your Splunk Universal Forwarder.
    Download Splunk Enterprise 

    Here is the Splunk documentation on getting data in
    Splunk® Enterprise Getting Data In 

  2. If you are at work, does your work have a Splunk Instance to send logs into or use Splunk as their SIEM?

We look forward to hearing from you!

V/R,
nwuest

sg17
Explorer

I am installing at home.

What ip address should I use ? Is it my laptop's ip address

0 Karma

nwuest
Path Finder

Hi @sg17,

I see you are installing the Splunk Universal Forwarder at home.  I also see that you are having trouble with your most recent reply that you are not seeing any data in the "Data Summary" in the Search and Reporting app. 

  • I'm a little confused because you say you are setting up a Splunk Universal Forwarder but a Forwarder comes with the web interface disabled

  • A Splunk Enterprise instance does come with a web interface enabled, which makes me think that you are running this and not a universal forwarder. 
    • You don't need to set an IP for a "receiving indexer" in this solution.
      If you are just trying to look at logs on your local Windows machine with a default Splunk Enterprise install, it will only ingest its own "Splunk" logs (Which come into the "_internal" index.)

      If you would like to see more logs on the local machine, please look into installing the Splunk Add-on for Windows app to get more Windows related data. 
      Splunk Add-on for Microsoft Windows 
      Or you can do some one-off's and look at a single log if wanted.
      Monitor data 

Do look forward to hearing back from you!

V/R,
nwuest

0 Karma

vikramyadav
Contributor

You don't have to use any IP by default it will take your IP address. Yes, it will be your laptop IP address.

--------------------------------------

If this helps your like will be appreciated😊 

sg17
Explorer

I have tried using my IP address but splunk is not showing my laptop in Data summary

0 Karma

vikramyadav
Contributor

127.0. 0.1 is the loopback Internet protocol (IP) address also referred to as the localhost. The address is used to establish an IP connection to the same machine or computer being used by the user.

This is not your windows ip.

Refer to this blog to check your windoes Ip.

https://networking.grok.lsu.edu/article.aspx?articleid=14842&printable=y

-------------------------------------

If this helps your like will be appreciated 🙂

 

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...