I have a splunk enterprise server and a node configured with Linux forwarder. These are the things configured in both the ends:
server:
enabled port 9997 to be reciever
added the following in inputs.conf file
[splunktcp://9997]
disabled = 0
node:
added forward server and started forwarder
added the following in outputs.conf file
[tcpout:default-autolb-group]
server = 172.xx.x.xxx:9997
[tcpout-server://172.xx.x.xxx:9997]
added a custom folder to monitor list
But in Splunk web dashboard, I am not able to recieve any data from the node.
![alt text][1]
Can someone please help me..?
[1]: /storage/temp/194309-error.png
↧