Can you please help me in detail with configuring the Splunk universal forwarder and receiver on Windows? I would like to get the data from a forwarder to another Windows system (receiver).
Sure. just follow the below documentation
http://docs.splunk.com/Documentation/Splunk/6.3.0/Forwarding/DeployaWindowsdfmanually http://docs.splunk.com/Documentation/Splunk/6.3.0/Installation/InstallonWindows
Even there is a video : http://www.splunk.com/view/SP-CAAAGXB
Once you installed configure your inputs.conf to forward the data
http://docs.splunk.com/Documentation/Splunk/6.1/Data/Monitorwindowsdata
Sample conf
[WinEventLog://Security] disabled = 0 start_from = oldest current_only = 0 checkpointInterval = 5 index=<your index>
Configure your outputs.conf http://docs.splunk.com/Documentation/Splunk/6.1.3/Forwarding/Configureforwarderswithoutputs.confd
[tcpout:<target_group>] server=<receiving_server1>, <receiving_server2>, ... <attribute1> = <val1> <attribute2> = <val2>
Configure your receiver. http://docs.splunk.com/Documentation/Splunk/6.1/Forwarding/Enableareceiver
Sample inputs.conf
[splunktcp://9997] disabled = 0
