To configure the Splunk Forwarder from the command line:
# splunk add forward-server 192.168.1.176:9997
# splunk add monitor /var/log/messages
# splunk restart
# splunk list forward-server
On a Linux box, you may need to add these ports to the firewall.
# firewall-cmd --add-port 8000/tcp --permanent
# firewall-cmd --add-port 9997/tcp --permanent
# firewall-cmd --reload
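A check for the result of the steps above, added here as an example and not part of the original post: it reads the output of splunk list forward-server and reports whether the indexer is actually receiving (active), merely configured (inactive, for example when the forwarder cannot reach port 9997), or absent. The output layout (an "Active forwards:" list followed by a "Configured but inactive forwards:" list) and the names forward_state and require_active are assumptions; the sample outputs are constructed.

```shell
#!/bin/sh
# Classify one forward-server entry from `splunk list forward-server` output.
# Usage: splunk list forward-server | forward_state 192.168.1.176:9997
# Prints one of: active | inactive | missing
forward_state() {
    awk -v target="$1" '
        /^Active forwards:/                  { section = "active";   next }
        /^Configured but inactive forwards:/ { section = "inactive"; next }
        {
            # Entries are indented, one host:port per line; "None" means empty.
            if ($1 == target && section != "" && state == "") state = section
        }
        END { print (state == "" ? "missing" : state) }
    '
}

# Return 0 only when the target is an active forward; explain otherwise.
# Reads the same output on stdin, so it can gate a deployment script.
require_active() {
    state=$(forward_state "$1")
    if [ "$state" = "active" ]; then
        return 0
    fi
    echo "forward-server $1 is $state: logs are not reaching the indexer" >&2
    return 1
}

# Constructed sample outputs (assumed layout, not captured from a real host).
SAMPLE_ACTIVE='Active forwards:
    192.168.1.176:9997
Configured but inactive forwards:
    None'

SAMPLE_INACTIVE='Active forwards:
    None
Configured but inactive forwards:
    192.168.1.176:9997'

# Demo on the samples; 10.0.0.5:9997 is a constructed, unconfigured target.
printf '%s\n' "$SAMPLE_ACTIVE"   | forward_state 192.168.1.176:9997
printf '%s\n' "$SAMPLE_INACTIVE" | forward_state 192.168.1.176:9997
printf '%s\n' "$SAMPLE_ACTIVE"   | forward_state 10.0.0.5:9997
```

On a real forwarder, pipe the command's output into require_active and treat a non-zero exit as a gap in log collection.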