Splunk

Splunk Notes

To configure the Splunk Forwarder from the command line:

# splunk add forward-server 192.168.1.176:9997
# splunk add monitor /var/log/messages
# splunk restart
# splunk list forward-server

On a Linux box running firewalld, you may need to open these ports in the firewall:

# firewall-cmd --add-port 8000/tcp --permanent
# firewall-cmd --add-port 9997/tcp --permanent
# firewall-cmd --reload
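
The `splunk list forward-server` step above only helps if its output is checked: a receiver can be configured yet inactive, for example when port 9997 is still blocked. The following is an added example, not part of the original notes, that classifies a receiver from that output. The two-section output layout and the sample listings are assumptions constructed for illustration, and `forward_state` and `check_forwarder` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: classify a receiver from `splunk list forward-server` output.
# Assumption: the listing has two headed sections, "Active forwards:" and
# "Configured but inactive forwards:", each followed by indented host:port lines.

# forward_state HOST:PORT
# Reads the listing on stdin and prints: active | inactive | missing
forward_state() {
    awk -v target="$1" '
        /^Active forwards:/                  { section = "active";   next }
        /^Configured but inactive forwards:/ { section = "inactive"; next }
        {
            gsub(/^[ \t]+|[ \t]+$/, "")      # trim indentation and trailing blanks
            if ($0 == target && state == "") state = section
        }
        END { print (state == "" ? "missing" : state) }
    '
}

# Constructed sample listings (not captured from a real host).
SAMPLE_OK='Active forwards:
    192.168.1.176:9997
Configured but inactive forwards:
    None'

SAMPLE_DOWN='Active forwards:
    None
Configured but inactive forwards:
    192.168.1.176:9997'

# check_forwarder HOST:PORT LISTING
# Prints the state and returns 0 only when the receiver is active.
check_forwarder() {
    state=$(printf '%s\n' "$2" | forward_state "$1")
    echo "$1: $state"
    [ "$state" = "active" ]
}

check_forwarder 192.168.1.176:9997 "$SAMPLE_OK"
check_forwarder 192.168.1.176:9997 "$SAMPLE_DOWN" ||
    echo "receiver not active: check port 9997 and the firewall rules"
```

On a live forwarder, pipe the real command into the function: `splunk list forward-server | forward_state 192.168.1.176:9997`.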