Solved: While Installing Splunk forwarder in windows, what...

sg17 · ‎11-22-2020

while Installing Splunk forwarder in windows, what IP address should be used for receiving indexer?

Is it my Windows IP address?

The browser for Splunk in showing localhost address 127.0.0.1

vikramyadav · ‎11-23-2020

You don't have to use any IP by default it will take your IP address. Yes, it will be your laptop IP address.

--------------------------------------

If this helps your like will be appreciated😊

View solution in original post

nwuest · ‎11-22-2020

Hi @sg17,

A receiving indexer is a Splunk Enterprise instance that is set up as an Indexer to receive logs from other Splunk instances (Splunk Universal Forwarder / Heavy Forwarder / Splunk Enterprise)

A Splunk Universal Forwarder only has the essential components to forward data to other Splunk platform instances (Splunk Heavy Forwarder / Splunk Enterprise)

Are you installing a Splunk Universal Forwarder at home or at work?

If you are at home, you can install/configure a Splunk Enterprise instance as an indexer to receive logs from your Splunk Universal Forwarder.
Download Splunk Enterprise

Here is the Splunk documentation on getting data in
Splunk® Enterprise Getting Data In
If you are at work, does your work have a Splunk Instance to send logs into or use Splunk as their SIEM?

We look forward to hearing from you!

V/R,
nwuest

sg17 · ‎11-23-2020

I am installing at home.

What ip address should I use ? Is it my laptop's ip address

nwuest · ‎11-23-2020

Hi @sg17,

I see you are installing the Splunk Universal Forwarder at home. I also see that you are having trouble with your most recent reply that you are not seeing any data in the "Data Summary" in the Search and Reporting app.

I'm a little confused because you say you are setting up a Splunk Universal Forwarder but a Forwarder comes with the web interface disabled.
A Splunk Enterprise instance does come with a web interface enabled, which makes me think that you are running this and not a universal forwarder.
- You don't need to set an IP for a "receiving indexer" in this solution.
  If you are just trying to look at logs on your local Windows machine with a default Splunk Enterprise install, it will only ingest its own "Splunk" logs (Which come into the "_internal" index.)
  
  If you would like to see more logs on the local machine, please look into installing the Splunk Add-on for Windows app to get more Windows related data.
  Splunk Add-on for Microsoft Windows
  Or you can do some one-off's and look at a single log if wanted.
  Monitor data

Do look forward to hearing back from you!

V/R,
nwuest

vikramyadav · ‎11-23-2020

You don't have to use any IP by default it will take your IP address. Yes, it will be your laptop IP address.

--------------------------------------

If this helps your like will be appreciated😊

sg17 · ‎11-23-2020

I have tried using my IP address but splunk is not showing my laptop in Data summary

vikramyadav · ‎11-22-2020

127.0. 0.1 is the loopback Internet protocol (IP) address also referred to as the localhost. The address is used to establish an IP connection to the same machine or computer being used by the user.

This is not your windows ip.

Refer to this blog to check your windoes Ip.

https://networking.grok.lsu.edu/article.aspx?articleid=14842&printable=y

-------------------------------------

If this helps your like will be appreciated 🙂

While Installing Splunk forwarder in windows, what IP address should be used for receiving indexer?

universal forwarder

Windows

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform