Hi Alepy, for this task you will need a universal forwarder on the machine that will be sending the data and the receiving machnine will need to listen on a port you are sending the data to. Im assuming from your last post that you want to send the logs from your local Windows system to the Windows system on your virtual box. 1. Make sure you the systems can find each other in the network. 2. Log into your Splunk Enterprise system on your Virtual Box and go to "Settings" -> "Forwarding and receiving" -> "Configure receiving" -> "New receiving port". Give it port 9997 and confirm. 3. Download a Windows universal forwarder on and install it on your machine which you want to monitor. You can find the download to the windows forwarder here: https://www.splunk.com/de_de/download/universal-forwarder.html Installation tutorial: https://docs.splunk.com/Documentation/Forwarder/8.0.4/Forwarder/InstallaWindowsuniversalforwarderfromaninstaller At some point in the installation you can add the destination of your receiving indexer ( your virtual box windows ). Put in the IP + port your defined on your Splunk Enterprise machine ( 9997 ). You can also configure Windows monitoring at some point which i didnt do yet, so i can't give you an advice on this one. The way i did it was to leave that point empty and install the "Splunk Add-On for Microsoft Windows" and "Splunk App for Windows Infrastructure" for Windows monitoring. You can find those apps here on Splunk base with links to their documentation. They are free to use. Splunk Add-on for Microsoft Windows: https://splunkbase.splunk.com/app/742/ Windows app for infrastructure: https://splunkbase.splunk.com/app/1680/
... View more