connect splunk and splunk forwarder to receive system, application and security logs.
Install splunlk enterprise.
START INSTALLING SPLUNK FORWOARDER
1.
- give your user name and set passowrd
3.give deployment server ip and port(you can enter the default port)
4.give recieveing indexer ip (default 9997)
C:\Program Files\SplunkUniversalForwarder\etc\system\local
7.copy the outputs.conf and rename it as inputs.conf.
and inside inputs.conf write following (host name you can find in command prompt by writing command hostname)
8.go to splunk eneterprise and click on forwarding and recieving.
9.next click on add new.
10.
11.Disable firewall on your system
12.press win+R in the run box type services.msc and restart the service splunkforwarder
13.go to splunk enterprise
go to search and reporting
enter host=< as per your machine host name >
