Hi,
I have installed the forwarder in DC and other server as Indexer.
I do not know how was installed.
I would like to export Forwarder configuration because I have to install a new Forwarder with the same configuration to delete the old one.
What files need to be copied / check?
Thanks in advance.
This is usually configured inside the SplunkForwarder app
$SPLUNK_HOME/etc/apps/SplunkForwarder
but it may be that you configured it in a different way...
Ok, thanks.
Is necessary change something in the Indexer server?
The indexer needs to have an inputs.conf with [splunktcp://9997]
stanza. You can check to see if your indexer is listening with netstat (assuming nix):
~ $ netstat -tnlp | grep 9997
tcp 0 0 0.0.0.0:9997 0.0.0.0:* LISTEN 24504/splunkd
I already have this sentece in inputs.conf.
I supposed that is not needed in the Indexer point to Forwarder...
I see with the comand "netstat -a" something like that:
TCP [IP of indexer]:9997 [IP of forwarder]:62244
Thanks
Hi xabidh,
If you want to implement existing configurations from old forwarder to the new one, I suggest you copy the entirety of $SPLUNK_HOME/etc folder. Copying this folders means you copy all installed apps of old forwarder, inputs.conf, outputs.conf, authentication, and other configurations which has previously been defined on the old one.
This is usually configured inside the SplunkForwarder app
$SPLUNK_HOME/etc/apps/SplunkForwarder
but it may be that you configured it in a different way...
Hi,
I have checked all files inside this folder C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder
but I cannot find the file where its configured the indexer. What is the file name where should be contained the IP/name of indexer server?
Regards
check any available outputs.conf
on your forwarder
cheers, MuS