Solved: How to get the data from remote server through uni...

Maheshparsi · ‎09-04-2015

Hi All,

We dont have splunk enterprise installed on windows 2008 R2 server. We have installed the Splunk Universal forwarder(6.2.3 version) on windows 2008 R2 server(64-bit). After installing, we configured input.config file and output.config file as,
input.config:

[default]
host = WIN-NR8HN3JRK2V

[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
[splunktcp://8000]
disabled = 0

output.config file:

[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = 192.168.0.175:8000

[tcpout-server://192.168.0.175:8000]

Now, how can I get the log data from windows 2008 R2 server to my splunk server(192.168.0.175:8000) ? where it will be stored in my server?
Can anyone help me to get out of this?

Thanks in advance,
Mahesh P.

woodcock · ‎09-04-2015

First of all, it must be inputs.conf and outputs.conf, not input.config and output.config (notice the s character, in particular, as well as the suffix). Secondly, have you considered this?

http://blogs.splunk.com/2014/11/04/splunk-6-2-feature-overview-xml-event-logs/

View solution in original post

woodcock · ‎09-04-2015

First of all, it must be inputs.conf and outputs.conf, not input.config and output.config (notice the s character, in particular, as well as the suffix). Secondly, have you considered this?

http://blogs.splunk.com/2014/11/04/splunk-6-2-feature-overview-xml-event-logs/

How to get the data from remote server through universal forwarder?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!