Hello ,
I am trying to configure a new Splunk server (search head/indexer, have one). Currently have installed the forwarder with a different server name which is being decommissioned, and now need to forward the logs to a new server. I know one location to change would be ets/system/local/output.conf ... I am still not able to get any logs in the new Splunk console. Where else would we need to update the new Splunk server name?
Few points: this new Splunk server is in Linux, 6.5 E version.
Forwarder: Windows, Splunk universal forwarder 6.3.2
Thanks.
... View more