The Splunk Universal Forwarder is the easiest and preferred way of getting data from remote systems into Splunk Light, also known as forwarding data to Splunk Light. The universal forwarder is a separate Splunk software product that needs to be installed and configured as a prerequisite to collect data from a remote system.
Experience Telegram on your mac in a swift and seamless way. Apple Mac OS X 10, Cheapest MoldWorks 2014, Download Lynda.com - Ruby On Rails 3 Essential Training, Corel PaintShop Pro X5 Product Key.
The following steps are for a default configuration of the universal forwarder to get data into Splunk Light. In these steps, you will:
Log into Splunk Light, also referred to as your Splunk Light instance.
Configure the Splunk Light instance to receive data from the universal forwarder.
1. From the Splunk Light user interface, click the menu at the top left of the screen to open the sidebar menu and select Data > Data receiving.
2. Click Add new.
3. In the Listen on this port field, enter the port number that you want the Splunk Light instance to listen on and click Save.
Download the Splunk Universal Forwarder for Mac OS from Splunk.com using the link below. Choose the installer that matches the platform of the machine that will forward data to your Splunk Light instance.
1. From a web browser, go to: http://www.splunk.com/en_us/download/universal-forwarder.html
2. Click the Mac OS button and click the installer that is appropriate for your platform.
3. Click Save File to download the splunkforwarder file. The full download file name is similar to splunkforwarder-<release>-f2c83...8108-macosx-10.9.intel.dmg.
By default, the splunkforwarder file is saved to the Downloads (/Users/<username>/Downloads/) directory.
Install the universal forwarder on the machine that holds, or has access to, the data you want to collect and forward to Splunk Light.
Note: If you want to install the universal forwarder on a different machine, copy the universal forwarder package file to that machine and continue with the steps below.
1. Double-click the splunkforwarder file to launch the installer.
2. Double-click the Install Splunk Universal Forwarder icon.
3. The Introduction dialog displays, indicating the version and copyright information. Click Continue.
4. Read the Software License Agreement. Click Continue to agree to the license terms.
5. Click Agree to confirm you accept the software license agreement and to continue with the installation.
6. The Installation Type dialog displays, showing a pre-installation summary. Click Install.
7. Confirm you want to install new software. Enter your Username and Password for the machine you are installing the universal forwarder on, and click Install Software.
8. The Summary dialog displays indicating the installation was successful. Click Close.
9. A brief initialization performs. Click OK to continue. The installation starts and might take a few minutes to complete.
10. Click Start Splunk.
11. Click OK to acknowledge the universal forwarder is installed and started.
By default, the SplunkForwarder is installed in the /Applications directory.
Configure the universal forwarder to send data to the Splunk Light instance.
1. Launch a terminal window. A terminal window can typically be found on your Mac by going to Finder > Applications > Utilities > Terminal.
2. Enter the following command:
/Applications/SplunkForwarder/bin/splunk add forward-server <host>:<port> -auth <username>:<password>
For example, /Applications/SplunkForwarder/bin/splunk add forward-server mycompany:9997 -auth admin:changeme
Configure the universal forwarder to be a deployment client. This allows you to configure data inputs on the universal forwarder from your Splunk Light instance, which is the deployment server.
1. Register the universal forwarder as a deployment client of the Splunk Light instance, the deployment server. Enter the following command:
/Applications/SplunkForwarder/bin/splunk set deploy-poll <host>:<mgmtPort>
For example, /Applications/SplunkForwarder/bin/splunk set deploy-poll mycompany:8089
2. Restart the universal forwarder. Enter the following command:
/Applications/SplunkForwarder/bin/splunk restart
You should see the universal forwarder listed in the Splunk Light user interface Forwarder Management view (in the sidebar menu, select System > Forwarder Management.) This can take a few minutes to update.
Specify which data inputs the universal forwarder uses to collect data.
1. In the Splunk Light user interface, click Search in the top menu bar.
2. In the Search view, under Data on the right of the screen, click the Add Data button.
3. On the Add Data view, click Forward.
4. Next to Select Server Class, click New. Available host(s) are listed, which are the hostnames of the universal forwarders (deployment clients) connected to the Splunk Light instance (deployment server).
5. Under Available host(s), click one or more forwarder hosts to add to the Selected host(s) box. This allows you to add a new Server Class.
6. In the New Server Class Name field, enter a name for the new server class.
7. Click Next near the top of the screen.
8. Select the type of data for the universal forwarder to collect. In this example, Files & Directories is selected. Click a source option:
9. Enter a File or Directory name. For example, /var/log
10. Click Next near the top of the screen.
11. In the Input Settings view, next to Source type click Automatic.
12. Click Review near the top of the screen. This view provides a summary of the data input configuration that is being used to collect data from the universal forwarder and forward to the Splunk Light instance.
13. Click Submit.
14. The File input has been created successfully displays. Click Start Searching to see the data in the Search view. This might take a few moments to display on the Search page.
To continue adding data and to learn more about searching and reporting, see: