Okay... Here is my hangup. I've taken some training:
- What is Splunk
- Searching and Reporting
- Building Objects
But... All my training was dealing with an environment that was already set up and configured. I have no training for what I'm trying to do!
So I installed Universal Forwarder (newest available) on a Windows 7 workstation.
Default Ports
I've installed an instance of Splunk Enterprise on another workstation in the same domain.
I set it up to listen on the same port (9997?). I can't remember the port number off the top of my head 😛
I made sure the services were running and did a netstat to make sure the ports were getting through. All good.
My problem is that I've tried setting up some data inputs, but I'm not sure I did it correctly because I'm getting no action from the forwarder.
Here's a simple rundown of what I want to forward (to get me started):
TCP bytes for:
25
80
110
443
8080
UDP bytes for:
443
Any guidance would be great!