I have existing Universal Forwarder setup for our prod Splunk Enterprise instance. Now, I am trying to setup a dev Splunk instance. I would like to receive data from the same forwarder which is already being used to provide data to prod instances.
I have set the receiver port in my new Splunk instance(lets say host ip as 10.99.1.123) as 9997. And added the same to tcpout servers list as 10.99.1.123:9997 in outputs.conf file of our universal forwarder.
But I am not able to find how to specify the forwarder details in inputs.conf file in my newly created Splunk instance.
Please let me know if the above process is correct and how to setup the inputs.conf file in order to receive data from the Universal Forwarder.
... View more