Dear All,
Just seen this post as unanswered till yet which indicates that the problem is still unresolved. so I am answering your problem as below.
First of all forwarding from windows OS to nix application is not supported. Nix app can handle data forwarded only from OS based on Unix [i.e. linux, solaris etc]
Copy and paste the NIX app in SplunkHome/etc/apps/ where SplunkHome is the directory where your forwarder is installed.
Change your directory to SplunkHome/bin and register your forwarder using following commands
./splunk start
./splunk add forward-server <SplunkServerIP>:<Receiving Port>
./splunk restart
[In case of any username/password prompt during execution of above mentioned commands, please use admin/changeme as username/password]
Set the data to be forwarded in SplunkHome/etc/apps/unix/bin/local/inputs.conf . For sample I am sending you a full configuration file which will send all the parameters after every second to your splunk server. Just copy the below mentioned data and paste it in ur inputs.conf file at SplunkHome/etc/apps/unix/bin directory
[To change data posting interval by forwarder to splunk server change the interval value below and to disable some specific information set disabled = 1]
[script://./bin/cpu.sh]
interval=1
sourcetype=cpu
index=os
disabled=0
[script://./bin/df.sh]
interval=1
sourcetype=df
index=os
disabled=0
[script://./bin/hardware.sh]
interval=1
sourcetype=hardware
index=os
disabled=0
[script://./bin/interfaces.sh]
interval=1
sourcetype=interfaces
index=os
disabled=0
[script://./bin/iostat.sh]
interval=1
sourcetype=iostat
index=os
disabled=0
[script://./bin/lastlog.sh]
interval=1
sourcetype=lastlog
index=os
disabled=0
[script://./bin/lsof.sh]
interval=1
sourcetype=lsof
index=os
disabled=0
[script://./bin/netstat.sh]
interval=1
sourcetype=netstat
index=os
disabled=0
[script://./bin/openPorts.sh]
interval=1
sourcetype=openPorts
index=os
disabled=0
[script://./bin/package.sh]
interval=1
sourcetype=package
index=os
disabled=0
[script://./bin/protocol.sh]
interval=1
sourcetype=protocol
index=os
disabled=0
[script://./bin/ps.sh]
interval=1
sourcetype=ps
index=os
disabled=0
[script://./bin/rlog.sh]
interval=1
sourcetype=rlog
index=os
disabled=0
[script://./bin/time.sh]
interval=1
sourcetype=time
index=os
disabled=0
[script://./bin/top.sh]
interval=1
sourcetype=top
index=os
disabled=0
[script://./bin/usersWithLoginPrivs.sh]
interval=1
sourcetype=userswithLoginPrivs
index=os
disabled=0
[script://./bin/vmstat.sh]
interval=1
sourcetype=vmstat
index=os
disabled=0
[script://./bin/who.sh]
interval=300
sourcetype=who
index=os
disabled=0
To forward your windows data you need to install Splunk windows application in your splunk server [same as u installed NIX app] and do the above mentioned activity as per windows OS format.
For further details please refer to http://splunk-base.splunk.com/answers/50082/how-do-i-configure-a-splunk-forwarder-on-linux
Regards,
... View more