After 2 days of reading numerous help docs and watching tutorial videos, still not able to get Splunk Cloud monitoring a simple event log of my Windows test-pc. Installing and de-installing the universal forwarder 10+ times, I am now on the edge of walking away from this Splunk puzzle. Splunkuniversforwarding service is running, splunkd process running, what next to check...
**inputs.conf:**
```
[default]
host = Asus-AP

[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0
```
**server.conf:**
```
[general]
serverName = Asus-AP
pass4SymmKey = xxxxxxxxxxxx

[sslConfig]
sslKeysfilePassword = xxxxxxxxxxxx

[lmpool:auto_generated_pool_forwarder]
description = auto_generated_pool_forwarder
quota = MAX
slaves = *
stack_id = forwarder

[lmpool:auto_generated_pool_free]
description = auto_generated_pool_free
quota = MAX
slaves = *
stack_id = free
```
**deploymentclient.conf:**
```
[target-broker:deploymentServer]
targetUri = prd-p-7jmfcpd9xcqm.cloud.splunk.com:8089
```
NO outputs.conf file (why? and where do I correct this? adding it manually?)
I missed a complete step-by-step video or document to make a simple working setup for Splunk Cloud monitoring the event log of a Windows PC system. When starting to read help documentation and clicking on the relevant part, it opens a new page... in no time I have at least 10 pages open and still no answer...
Some help is appreciated.
Regards
A.Pietersen