I installed Splunk Enterprise 7.0 on a Unix machine and wish to get data from a Windows machine (any data would suffice for now, since I'm new to Splunk and trying to grasp the concept of it all).
Some configs I did using the documentation available:
**Splunk Enterprise server (unix system)**
```
$ cat inputs.conf
[default]
host = SPLUNK

[splunktcp://9997]
disabled = 0
```
**Splunk Universal Forwarder (Windows Server machine)**
-> splunk add forward-server :9997
-> splunk set deploy-poll :9997
-> Added some config in 'inputs.conf'
```
# Windows platform specific input processor.
[WinEventLog://Application]
disabled = 0

[WinEventLog://Security]
disabled = 0

[WinEventLog://System]
disabled = 0

[monitor:///apache/*.log]
disabled = 0
```
-> splunk enable eventlog System
Specified input collection has been enabled
Now I want to add a Forwarder using the Splunk Web on my Enterprise system.
I log on to the website, select 'Add data' > 'Forward' > 'There are currently no forwarders configured as deployment clients to this instance.'
Not sure what I'm doing wrong. However, when I search for data, I do see some results there from the Windows machine!