Here are the steps that i have performed
1. Installed splunk forwarder on my local machine (say machine 1 ) with receiver index port 9997 (default).
2. On splunk, configured forwarding and receiving ->configure receiving -> port 9997 (default)
3. In data input, under forwarded input i configured tcp port (e.g 7788 )
4. Now, i am transferring tcp packet from another machine (say machine 2) to my local machine (i.e machine 1) where splunk universal forwarder is configured.
5. But when i query the index created for tcp data on splunk does not show any data.
↧