I am trying to use windows universal forwarder to forward data which is coming in my localhost 9998 port . A java program is writing data to my localhost 9998 port, this data i want my universal forwarder to listen to and forward it to a splunk receiver's 9997 port.
For this config files on universal forwarder side:-
inputs.conf content-
[tcp://:9998]
connection_host=ip
outputs.conf content-
[tcpout]
disabled= false
defaultGroup = default-autolb-group
useACK=true
[tcpout:default-autolb-group]
disabled= false
server = 10.74.163.105:9997
[tcpout-server://10.74.163.105:9997]
disabled= false
And the content of inputs.conf file in the splunk receiver is:-
inputs.conf content-
[default]
host = IN-AIR-BIMAP110
[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0
[splunktcp://9997]
disabled = 0
index= test_tcp2
queue= indexQueue
sourcetype=csv
Setting all these configs when i search the data no data is shown by the splunk receiver.
Need help whether the config file settings are fine.
... View more