Hi
I am using the Splunk universal forwarder to receive data in Splunk Enterprise, but the data is not shown in the search results.
Splunk Enterprise and the universal forwarder are on the same server.
I created an index and assigned it to the admin role. I set the port for listening on the receiver.
Below are the configuration details:
/opt/splunkforwarder/etc/system/local/outputs.conf

[tcpout]
defaultGroup=sp_index

[tcpout:sp_index]
server=10.100.103.209:9997

[tcpout-server://10.100.103.209:9997]

./splunk add forward-server 10.100.103.209:9997
./splunk add monitor "/var/www/spdev_mythily_data/test_data/*" -index sp_index -sourcetype _json -host 10.100.103.209

Thanks,
Mythily