Splunkforwarder

12/9/2024

Installing the Splunk universal forwarder:

Run the wget command given for the universal forwarder download:

wget -O splunkforwarder-7.1.2-a0c72a66db66-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.2&product=universalforwarder&filename=splunkforwarder-7.1.2-a0c72a66db66-linux-2.6-amd64.deb&wget=true'

Install the package with dpkg, which unpacks it into /opt/splunkforwarder:

dpkg -i splunkforwarder-7.1.2-a0c72a66db66-linux-2.6-amd64.deb

Configuring Splunk receiver

Go to Splunk in the browser. At the top right, choose Settings, then Forwarding and receiving.

Under the title Receive data, click Add new.

Type TCP port 9997 in the empty field and click Add.

Go to Settings, then down to Server control, click it, and then click Restart Splunk so that the changes take effect.

You have now configured the Splunk receiver, so the server will listen on that port.

![add-splunkfowarder-receiver](https://rootedinkent.us/content/images/2018/07/add-splunkfowarder-receiver.jpg)

Configuring splunkforwarder

/opt/splunkforwarder/bin/splunk enable boot-start

/opt/splunkforwarder/bin/splunk add forward-server hostname.domain:9997

To test the forwarder connection: /opt/splunkforwarder/bin/splunk list forward-server
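
Added example, not part of the original post: the list forward-server output groups targets under "Active forwards" and "Configured but inactive forwards", and only the first group means the connection to the receiver on port 9997 is up. The script below parses that output and fails when the target is not active; the function names are hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes the two section headers that `splunk list forward-server` prints.

# forward_state TARGET: read the command output on stdin and print
# active | inactive | missing for TARGET (host:port).
forward_state() {
    awk -v t="$1" '
        /^Active forwards:/                  { section = "active";   next }
        /^Configured but inactive forwards:/ { section = "inactive"; next }
        section != "" && $1 == t && state == "" { state = section }
        END { print (state == "" ? "missing" : state) }
    '
}

# check_forwarder TARGET: return 0 only when TARGET is an active forward.
check_forwarder() {
    case $(forward_state "$1") in
        active)
            echo "OK: $1 is connected"; return 0 ;;
        inactive)
            echo "FAIL: $1 is configured but not connected" >&2; return 1 ;;
        *)
            echo "FAIL: $1 is not a configured forward-server" >&2; return 2 ;;
    esac
}

# Constructed sample outputs (not captured from a real system).
sample_connected() {
    printf 'Active forwards:\n\thostname.domain:9997\n'
    printf 'Configured but inactive forwards:\n\tNone\n'
}
sample_disconnected() {
    printf 'Active forwards:\n\tNone\n'
    printf 'Configured but inactive forwards:\n\thostname.domain:9997\n'
}

# Real use:
#   /opt/splunkforwarder/bin/splunk list forward-server | check_forwarder hostname.domain:9997
sample_connected    | check_forwarder hostname.domain:9997
sample_disconnected | check_forwarder hostname.domain:9997 || echo "exit status: $?"
```

An "inactive" result usually points at the receiver side: port 9997 not enabled, Splunk not restarted after adding it, or a firewall between the two hosts.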