I have Splunk Enterprise 6.5 installed on a dual nic server. Eth0 - management and Eth1 - monitoring (promiscuous mode). How do I point Splunk App for Stream to collect data from eth1 and not Wired Data input?
There seems to be information on how to do this on a remote machine using Universal/Stream Forwarders, but nothing about on a local machine.
Please advise
add the following config parameter to Splunk_TA_stream/local/streamfwd.conf
file:
[streamfwd://streamfwd]
streamfwdcapture.0.interface = eth1
See http://docs.splunk.com/Documentation/StreamApp/6.6.1/DeployStreamApp/ConfigureStreamForwarder#Use_st... for more details