Installation

While installing Splunk forwarder in Windows, what IP address should be used for the receiving indexer?

sg17
Explorer

While installing Splunk forwarder in Windows, what IP address should be used for the receiving indexer?

Is it my Windows IP address?

The browser for Splunk is showing the localhost address 127.0.0.1

 


vikramyadav
Contributor

You don't have to use any IP; by default it will take your IP address. Yes, it will be your laptop IP address.

--------------------------------------

If this helps your like will be appreciated😊 


nwuest
Path Finder

Hi @sg17,

A receiving indexer is a Splunk Enterprise instance that is set up as an Indexer to receive logs from other Splunk instances (Splunk Universal Forwarder / Heavy Forwarder / Splunk Enterprise).

A Splunk Universal Forwarder only has the essential components to forward data to other Splunk platform instances (Splunk Heavy Forwarder / Splunk Enterprise).

 

Are you installing a Splunk Universal Forwarder at home or at work?

  1. If you are at home, you can install/configure a Splunk Enterprise instance as an indexer to receive logs from your Splunk Universal Forwarder.
    Download Splunk Enterprise 

    Here is the Splunk documentation on getting data in
    Splunk® Enterprise Getting Data In 

  2. If you are at work, does your work have a Splunk Instance to send logs into or use Splunk as their SIEM?

We look forward to hearing from you!

V/R,
nwuest

sg17
Explorer

I am installing at home.

What IP address should I use? Is it my laptop's IP address?


nwuest
Path Finder

Hi @sg17,

I see you are installing the Splunk Universal Forwarder at home.  I also see that you are having trouble with your most recent reply that you are not seeing any data in the "Data Summary" in the Search and Reporting app. 

  • I'm a little confused because you say you are setting up a Splunk Universal Forwarder, but a Forwarder comes with the web interface disabled.

  • A Splunk Enterprise instance does come with a web interface enabled, which makes me think that you are running this and not a universal forwarder. 
    • You don't need to set an IP for a "receiving indexer" in this solution.
      If you are just trying to look at logs on your local Windows machine with a default Splunk Enterprise install, it will only ingest its own "Splunk" logs (Which come into the "_internal" index.)

      If you would like to see more logs on the local machine, please look into installing the Splunk Add-on for Windows app to get more Windows related data. 
      Splunk Add-on for Microsoft Windows 
      Or you can do some one-offs and look at a single log if wanted.
      Monitor data 

Do look forward to hearing back from you!

V/R,
nwuest

sg17
Explorer

I have tried using my IP address, but Splunk is not showing my laptop in Data Summary.


vikramyadav
Contributor

127.0.0.1 is the loopback Internet Protocol (IP) address, also referred to as the localhost. The address is used to establish an IP connection to the same machine or computer being used by the user.

This is not your Windows IP.

Refer to this blog to check your Windows IP.

https://networking.grok.lsu.edu/article.aspx?articleid=14842&printable=y

-------------------------------------

If this helps your like will be appreciated 🙂
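
An added example, not part of any post in this thread: a forwarder keeps its receiving indexer address in `outputs.conf` as `server = host:port` under a `[tcpout:<group>]` stanza, and this sketch parses such a file, classifies each target (loopback, LAN, public, hostname) and can test whether anything is listening there. The sample file, the group name `home_indexer`, the addresses and the port 9997 (Splunk's conventional receiving port) are constructed for illustration.

```python
import configparser
import ipaddress
import socket

# Constructed sample of a forwarder's outputs.conf (not taken from the thread).
SAMPLE_OUTPUTS_CONF = """
[tcpout]
defaultGroup = home_indexer

[tcpout:home_indexer]
server = 127.0.0.1:9997, 192.168.1.50:9997
"""

def forward_targets(conf_text):
    """Return (host, port) pairs from every [tcpout:<group>] server setting."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    targets = []
    for section in cp.sections():
        if section.startswith("tcpout:") and cp.has_option(section, "server"):
            for entry in cp.get(section, "server").split(","):
                if entry.strip():
                    host, _, port = entry.strip().rpartition(":")
                    targets.append((host.strip("[]"), int(port)))
    return targets

def classify(host):
    """Say where a target points, seen from the forwarder's own machine."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"      # resolved through DNS or the hosts file
    if ip.is_loopback:
        return "loopback"      # only reaches an indexer on this same machine
    return "private" if ip.is_private else "public"

def reachable(host, port, timeout=2.0):
    """True if a TCP connection succeeds, i.e. something listens on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    for host, port in forward_targets(SAMPLE_OUTPUTS_CONF):
        print(f"{host}:{port} -> {classify(host)}, listening={reachable(host, port)}")
```

A `loopback` target with `listening=False` means no indexer is receiving on the same machine, which matches the symptom of no hosts appearing in Data Summary.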

 
