Hi
I am new to Splunk and we have to complete POC . We have two server : Server A ( Index Server where Splunk Enterprise is installed ) and Server B where we have installed Forwarder and configure it to monitor one file system
Server B :
Server B $> splunk list forward-server
Splunk username: admin
Password:
Active forwards:
ServerA:9997
Configured but inactive forwards:
None
Server A :
Server A > lsof -i TCP:9997
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
splunkd 20810 svc_splunk_dev 48u IPv4 18875290 0t0 TCP *:palace-6 (LISTEN)
splunkd 20810 svc_splunk_dev 79u IPv4 18884788 0t0 TCP ServerA:palace-6->ServerB:53122 (ESTABLISHED)
ServerA # plunk list forward-server
Splunk username: admin
Password:
Active forwards:
None
Configured but inactive forwards:
None
Please advise
↧