Hello,
I have installed Splunk Enterprise in a Windows environment. I have installed Universal Forwarder on a separate machine. Before running the ./splunk add forward_server command (to add the indexer), I ran ipconfig from the Windows box where Splunk Enterprise is. Using that IPv4 address (let's call it xxx.xx.xxx.xxx), I then successfully pinged that address from where I installed the forwarder (a Linux machine). Then, using the default forwarder port (9997), I ran the command as:
./splunk add forward-server xxx.xx.xxx.xxx:9997
which ran successfully. I then restarted the forwarder like:
./splunk restart
and the forwarder successfully restarted. I verified that the outputs.config file in splunk_home/etc/system/local had the correct settings:
defaultGroup = default-autolb-group
[tcpout:default-autolb-group]
server = xxx.xx.xxx.xxx:9997
[tcpout-server://xxx.xx.xxx.xxx:9997]
I then logged into the Splunk Enterprise web interface, and selected the "Add Data" link, and then the "forward" link. At the top it says "Select Forwarders", but beneath that there is a red triangle that says "There are currently no forwarders configured as deployment clients to this instance".
Am I doing something wrong? If so, how do I diagnose and correct? Grateful for any response!