I have done 3-4 days of research and have been striking out. Here is the process that I follow. I install the universal forwarder on our web server to monitor system logs. Below are the steps:
I execute the installable msi file from cmd prompt to create the service and start the installation process.
I install the UF to C:\Program Files\SplunkUniversalForwarder\
I leave the deployment server blank.
Now for the receiving indexer, the main Splunk client is on z8, so I ping z8, get the IP address, put that in as the host name, and assign it to port 9997, which is the default port. Is this correct?
I leave the SSL certificate information blank.
I choose local data only.
I select system log and browse to the directory path for where the websites IIS logs are pointing and install the service.
From here I do not know what to do. Any help would be appreciated. Am I doing this right?