I have installed Splunk on a Linux box and it is listening for incoming data on 9997. Our Linux boxes send their syslog to it and work fine. The Windows boxes, however, do not send any Event Viewer logs. I installed SplunkForwarder on one and followed the prompts, where I entered the receiver server and port 9997. I also restarted the Splunk service just in case. What additional configuration needs to be done to ensure Event Viewer logs/AD monitoring start to populate my Splunk instance sitting on the Linux box? I'm able to telnet to 9997 from Windows to Linux, so it is not an access issue.