I am trying to forward the data (simple logs) from a universal forwarder to a Archsight logger. For achieving this I am passing the IP address of the Archsight logger and the port number. I am passing the default TCP server credentials that are there for the Archsight logger. Still I do not see the logs getting established. is there any other configuration that needs to be done on the outputs.conf file. or logs that i can use to debug the issue further.
Is there any config we need to establish in the archsight logger to ensure that the data comes from the splunkforwarder.
... View more