Splunk Enterprise

splunk universal forwarder installation issue in docker

ag_dev
New Member

I have Splunk enterprise installed in docker on port 8000 as follows: 

docker run -it --name=splunk -p 8000:8000 -p 8088:8088 -v splunk_etc:/opt/splunk/etc -v splunk_var:/opt/splunk/var -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_PASSWORD=<password> splunk/splunk:latest start

I am trying to install universal forwarder to forward log files to splunk instance. I used the command from this link : https://docs.splunk.com/Documentation/Forwarder/8.2.0/Forwarder/Deployandrunauniversalforwarderinsid...

docker run -d -p 9997:9997 -e SPLUNK_START_ARGS='--accept-license' -e SPLUNK_PASSWORD='<password>' --name uf splunk/universalforwarder:latest

and get the following error: 

ag_dev_0-1624468293727.png

Does a HEC need to be set-up for file forwarding?. 

Labels (1)
0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>