I have some logs in my localhost which i need to push to Splunk using the forwarder. Please help.
We need WAY more information. Do you have an already-functioning Indexing Tier or are you using an All-in-one instance? If the latter, is this same instance the forwarder, too? Do you have a Deployment Server? Do you have other Windows forwarders already working (or is the first one)? What have you tried?
Hi anuj1630,
if you have not many Forwarders, you can follow the guided installation procedure: it asks to insert the Certificate location, the Deployment Server, the Indexer and Windows logs:
If instead you have many Forwarders to configure, I suggest to set only Deployment Server and deploy a TA with Indexers (outputs.conf file).
I hope to be clear.
Bye.
Giuseppe