Any help is appreciated OK, I installed splunk on a docker instance, docker run -d --name Splunk --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock -p 8000:8000 -p 8089:8089 -p 9997:9997 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=SUPER-SECRET" splunk/splunk:latest Then I went to settings, forwarding and receiving, Receive data, Configure receiving and made sure Liston On Port 9997 was enabled Added a new Username and new password Then I went to an ubuntu 22.04 I think and ran (ChatGPT aided in some of this) * sudo su
* useradd -m splunk
* groupadd splunk (Which if memory serves it said group already existed)
* export SPLUNK_HOME="/opt/splunkforwarder"
* mkdir $SPLUNK_HOME
* Then I cd'd into the splunk home directory
* chown -R splunk:splunk $SPLUNK_HOME
* wget -O splunkforwarder-9.0.5-Not Sure if these were account specific so removed them-linux-2.6-amd64.deb "https://download.splunk.com/products/universalforwarder/releases/9.0.5/linux/splunkforwarder-9.0.5-Not Sure if these were account specific so removed them-linux-2.6-amd64.deb"
* dpkg -i /path/to/splunkforwarder_package_name.deb
* chown -R splunk:splunk /opt/splunkforwarder
* sudo -u splunk /opt/splunkforwarder/bin/splunk add forward-server My-IP-Address-To-Docker:9997 -auth New-Username:New-Password * That then made me agree and enter the username and password I created for Splunk in Docker * sudo -u splunk /opt/splunkforwarder/bin/splunk set deploy-poll IP-to-Docker:8089
* sudo -u splunk /opt/splunkforwarder/bin/splunk restart * Then I go to settings, Add Data, Forward and I see There are currently no forwarders configured as deployment clients to this instance. * Also if I go to Forwarder management I see The forwarder management UI distributes deployment apps to Splunk clients. No clients or apps are currently available on this deployment server. What am I doing wrong?
... View more