I'm trying to view Windows Logs. I installed the universal forwarder on the local Windows PC.
I configured only for local system, not remote. I added new receiver port 9997 on the server & restarted Splunk.
But when I go to Add data from Windows Logs, still asks me to install univ. forwarder and when I got to server, doesn't list the receiver I added. When I try to re-add it, it shows me this:
"Encountered the following error while trying to save: In handler 'cooked': Failed to create. Configuration for port 9997 already exists."
Splunk 4.3 Server is running on Linux.
... View more