|
Splunk New User here. I am having trouble getting forwarding and receiving working to any degree. On the receiver I have enabled forwarding and assigned the listening port. Used the default 9997. On the forwarder I have enabled forwarding and pointed the forwarder to the receivers ip address along with the correct port. I am seeing nothing in the logs to indicate that the forwarder is forwarding. My input.cfg is empty except for the hostname ( found on path C:\Program Files\Splunk\etc\system\local). This is the case for both forwarder and receiver. What am I doing wrong? Edit: Receiver is Win 7 64bit Forwarder is Windows Server 64x 2008 I have enabled wmi and logs in under the data input control panel. |
|
i know its a little late... but here's my solution... same system setup, trying to forward one window's event log to another server. Turns out, port 9997 is not configured in Win2k8 firewall. So open up your Computer-Manager, and find the rule for Splunkd... look for the entry which already has port 8000 opened, and append 9997 to this entry. Restart splunk, and everything should work. |
