I am trying to implement a simple Splunk system on my local computer to learn a bit about how you set up forwards and get data into Splunk. I am running Splunk Enterprise on a CentOS 8 virtual machine, and I've installed a Universal Forwarder on the system that is running the virtual machine. I've set up Splunk to receive data over port 9997, and have ensured that port 9997 is open and listening in CentOS. On my main system I installed the Universal Forwarder and directed it to 192.168.0.21:9997 (my client is accessed at 192.168.0.21:8000).

Outputs.conf:

[tcpout]
defaultGroup = default-autolb-group
[tcpout:default-autolb-group]
server = 192.168.0.21:9997
[tcpout-server://192.168.0.21:9997]

I am not using a deployment server. I'm using Bitdefender on my laptop and have made sure there's a rule in the firewall to allow traffic to 192.168.0.21:9997. I've also reset the UF, Splunk Enterprise, and the VM running Splunk Enterprise. When I go in to Add Data > Forward, it still says "There are currently no forwarders configured as deployment clients to this instance." I'm sure I'm just missing something in the setup steps, but I cannot figure out what it is.

----------------

Here are the main repeating messages from splunkd.log:

08-26-2021 16:21:40.575 -0800 INFO AutoLoadBalancedConnectionStrategy [12416 TcpOutEloop] - Found currently active indexer. Connected to idx=192.168.0.21:9997, reuse=1.
08-26-2021 16:21:40.991 -0800 ERROR ExecProcessor [5456 ExecProcessor] - message from "D:\Cybersecurity\SplunkUniversalForwarder\bin\splunk-admon.exe" splunk-admon - GetLocalDN: Failed to get object 'LDAP://rootDSE': err='0x8007054b' - 'The specified domain either does not exist or could not be contacted.'
08-26-2021 16:21:40.991 -0800 ERROR ExecProcessor [5456 ExecProcessor] - message from "D:\Cybersecurity\SplunkUniversalForwarder\bin\splunk-admon.exe" splunk-admon - getBasePath: Unable to query local DN, restart and specify base path to monitor
08-26-2021 16:21:40.991 -0800 ERROR ExecProcessor [5456 ExecProcessor] - message from "D:\Cybersecurity\SplunkUniversalForwarder\bin\splunk-admon.exe" splunk-admon - SplunkADMon::configure: Failed to configure AD Monitor