Installed universal forwarder in windows. Checked the splunkd log and I could see the connection to server without any error as below. tried checking with firewall and ports.But still index doesnt log any events.
TcpOutputProc - Connected to idx=xxxx:9997.
Below are my conf file.
inputs.conf
[default]
host = xxxxx
[monitor:C:\opt\splunk\]
disabled = false
sourcetype = hievents
index = hiindex
Outputs.conf
[tcpout]
defaultGroup = default-autolb-group
[tcpout:default-autolb-group]
server = xxxx:9997
[tcpout-server://xxxx:9997]
Please advice.
... View more