I have installed a Splunk universal forwarder on a Windows host and started the services. But while adding the data under "Add data" in my Splunk app, I am not able to see the installed Windows machine on the list of forwarders. Is this something for which I need to edit the inputs.conf on the forwarder? Could someone share steps to send logs from a Windows machine to a Splunk server (Linux)?
There are several settings that you need to configure before this works:
Hi splunkgk,
Are you trying to collect Windows event log data? If so, please follow the instructions here in the Getting Data In manual:
http://docs.splunk.com/Documentation/Splunk/6.5.1/Data/MonitorWindowseventlogdata
Hope it helps.
Hunter
Did you modify the forwarder's outputs.conf file to point to your indexer?
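
A minimal set of stanzas covering the outputs.conf and inputs.conf settings mentioned in the replies above, as an added example that is not part of the original thread. The indexer hostname `splunk-indexer.example.com`, the receiving port 9997, and the group name `primary_indexers` are assumptions; substitute your own values.

```ini
# --- Windows forwarder: %SPLUNK_HOME%\etc\system\local\outputs.conf
# Tells the universal forwarder where to send data.
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# Assumed hostname and port; must match the indexer's listening port below.
server = splunk-indexer.example.com:9997

# --- Windows forwarder: %SPLUNK_HOME%\etc\system\local\inputs.conf
# Selects which Windows event log channels are collected.
[WinEventLog://Security]
disabled = 0

[WinEventLog://System]
disabled = 0

[WinEventLog://Application]
disabled = 0

# --- Linux indexer: $SPLUNK_HOME/etc/system/local/inputs.conf
# Opens the receiving port for forwarder traffic.
[splunktcp://9997]
disabled = 0
```

Restart the forwarder service after editing these files. Running `splunk list forward-server` on the forwarder shows whether the connection to the indexer is active.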