When I try to add an account to setup the forwarder, splunk tells me the following:
"Users is an Enterprise license-level feature and is currently not available on this instance.
To enable this and other Enterprise features, learn more about licenses at Splunk.com or contact Splunk Sales directly."
Am I doing something wrong or is the free version designed primarily for windows? Or is there a setting which will allow the admin account to authenticate this user for forwarding? Thanks for the help.
looks like a bug to me, but if you're using a forwarder, you should enable the forwarder license instead of the free license. in either case, you should be able to enable forwarding by creating a configuration file, which I always prefer to executing the command. Create outputs.conf:
defaultGroup = indexerGroup
server = 10.0.155.112:9997