I resolved this in part due to Raúl Marín's excellent writeup and youtube video (https://raulmarin.me/2020/04/26/netflow-traffic-ingestion-with-splunk-stream-and-an-independent-stream-forwarder/ & https://www.youtube.com/watch?v=Usjy5NF0rwE, respectively). He was dealing with a similar issue of errors when choosing the 2nd option (Collect data from other machines). It turns out *both* options will give an error if the host's name isn't defined in /etc/system/local/inputs.conf. So, by adding this stanza, and restarting Splunk, that problem went away: [default]
host = splunk-hostname The wizard then started to prompt me to run the set_permissions.sh command. After adjusting permissions on the script using the command below, then running the script and restarting Splunk again, everything went smoothly sudo chmod +x ./set_permissions.sh Thanks, Gord T.
... View more