We have a existing infrastructure of Splunk where events are passed from multiple Linux boxes to Splunk indexers.
We recently have installed Splunk **forwarder** in a **Windows** box. When we search in Splunk using that host name, we don't see the events.
We have checked the logs with the following observation
- It is picking up new monitor config.
- No error is reported in Splunkd.log
Can you please share the **troubleshooting** **steps** for the forwarder? Can **forwarder log files** help us pin point - **if forwarder at all sending the events to Indexer?**
↧