Hi There,
I'm very new to Splunk and trying to do a POC on my laptop. I installed the Windows version of Splunk and installed the Splunk. I'm trying to configure the forwarder and receiver to search the event logs on the laptop.
For receivers, I configured it via Splunk Web:
Manager >> Forwarding and receiving >> Configuring receiving and gave the port as 9997
For forwarders,
the following files were modified:
$SPLUNK_HOME\etc\apps\SplunkLightForwarder\default\inputs.conf
Copy paste mistake, my inputs.conf file has the following info.
[monitor://C:\\Windows\\System32\\winevt\\Logs\\*.*]
_TCP_ROUTING = my_indexers
$SPLUNK_HOME\etc\system\local\outputs.conf
[tcpout]
defaultGroup=my_indexers
[tcpout:my_indexers]
compressed=false
server=localhost:9997
After the above changes I restarted splunkd and Splunk Web and tried the following in the search:
index = my_indexers
which is returning nothing......
Did I miss any configurations? Do I need to install any Windows app for forwarders? Please advise, thank you very much.