Hi all, I successfully forward data from Windows using the command msiexec.exe /i splunkuniversalforwarder_x86.msi RECEIVING_INDEXER="indexer1:9997" WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 AGREETOLICENSE=Yes /quiet from Install a Windows universal forwarder . The same for Linux with the command ./splunk add monitor /var/log from Configure the universal forwarder using configuration files . Both works fine and I can see the hosts in the Data Summary as visible in the following figure. Data Summary If I instead set up the input in the local "inputs.conf" file after basic installation like [perfmon://LocalPhysicalDisk] interval = 10 object = PhysicalDisk counters = Disk Bytes/sec; % Disk Read Time; % Disk Write Time; % Disk Time instances = * disabled = 0 index = winfwtestinger for example and assign a specific index, I can see that data is ingested if I search for the specific index but they will not appear in the Data Summary. I would be very happy about any suggestion what I am doing wrong here.   Best regards ... View more

Hi all, I just wanted to ask if there is the possibility to pass username and password when starting splunk forwarder (9.1.1) on a linux system for the first time. Due to Windows Universal Forwarder Installation this is possible during installation via:     msiexec.exe /i splunkforwarder_x64.msi AGREETOLICENSE=yes SPLUNKUSERNAME=SplunkAdmin SPLUNKPASSWORD=Ch@ng3d! /quiet       Is there a similar command for Linux Forwarder?   Best regards ... View more