Splunkforwarder
Installing universal splunkforwarder:
Run the wget command for the universal forwarder package:
wget -O splunkforwarder-7.1.2-a0c72a66db66-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.2&product=universalforwarder&filename=splunkforwarder-7.1.2-a0c72a66db66-linux-2.6-amd64.deb&wget=true'
Install the package (it unpacks into /opt):
dpkg -i splunkforwarder-7.1.2-a0c72a66db66-linux-2.6-amd64.deb
Configuring Splunk receiver
Go to Splunk in the browser; at the top right choose Settings, then Forwarding and receiving
Under the heading Receive data, click Add new
Type TCP port 9997 in the empty field and click Add
Go to Settings, then down to Server control, click it, and then click Restart Splunk so that the changes take effect
You have now configured the Splunk receiver, so the server will listen on that port
Configuring splunkforwarder
/opt/splunkforwarder/bin/splunk enable boot-start
/opt/splunkforwarder/bin/splunk add forward-server hostname.domain:9997
To test the forwarder connection: /opt/splunkforwarder/bin/splunk list forward-server
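A forwarder that is configured but not connected leaves a silent gap in log collection, so it helps to check the output of the test command automatically. The script below is an added example, not part of the original page: the function name forward_state and both sample outputs are constructed, and it assumes the command prints the section headers "Active forwards:" and "Configured but inactive forwards:" followed by indented host:port lines.

```shell
#!/bin/sh
# Added example (not from the original page): classify a receiver from
# the output of `splunk list forward-server`.
# Assumption: the output has two section headers, "Active forwards:" and
# "Configured but inactive forwards:", each followed by indented entries.

# forward_state HOST:PORT
# Reads the command output on stdin and prints one of:
#   active   - the receiver is listed under "Active forwards:"
#   inactive - configured, but the forwarder is not connected to it
#   missing  - the receiver does not appear in the output at all
forward_state() {
    awk -v target="$1" '
        /^Active forwards:/                  { section = "active";   next }
        /^Configured but inactive forwards:/ { section = "inactive"; next }
        {
            gsub(/^[ \t]+|[ \t]+$/, "")      # strip indentation
            if (section != "" && $0 == target) {
                print section
                found = 1
                exit
            }
        }
        END { if (!found) print "missing" }
    '
}

# Constructed sample output: forwarder connected to the receiver.
SAMPLE_OK='Active forwards:
    hostname.domain:9997
Configured but inactive forwards:
    None'

# Constructed sample output: receiver configured but unreachable
# (for example, port 9997 is not yet enabled on the Splunk server).
SAMPLE_DOWN='Active forwards:
    None
Configured but inactive forwards:
    hostname.domain:9997'

printf '%s\n' "$SAMPLE_OK"   | forward_state hostname.domain:9997
printf '%s\n' "$SAMPLE_DOWN" | forward_state hostname.domain:9997

# Live use on the forwarder host:
#   /opt/splunkforwarder/bin/splunk list forward-server \
#       | forward_state hostname.domain:9997
```

A result of inactive usually means the receiving port was not enabled or the Splunk server was not restarted after the receiver was added.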