I installed Splunk Universal Forwarder and Splunk Enterprise on my C drive. I created a sample file and modified inputs.conf as mentioned in one of the answers (link given below), and enabled the receiver by setting the port to 9997. Do we have to modify/create an outputs.conf file? I tried creating outputs.conf too, but no use. In outputs.conf I gave the server name as localhost and the port as 9997. Am I missing something? Also, do we have to modify anything in distributed search? I assume my Splunk Enterprise is acting as both SH and Indexer.
I have referred to the answer below but didn't get the answer:
https://answers.splunk.com/answers/490343/how-to-properly-configure-universal-forwarder-loca.html#answer-656030