Enable a receiver on your Splunk Enterprise instance
To get data from your data source into your Splunk Enterprise instance, configure a receiver and a forwarder. The receiver is your Splunk Enterprise instance. You install the forwarder on your data host to send data to the receiver.
Enable a receiver using Splunk Web
- Log in to the receiver as an Admin.
- Click Settings > Forwarding and receiving.
- For Configure receiving, click Add new.
- You can use the netstat tool to determine what ports are available on your system. Make sure that Splunk Web or splunkd is not using the port you select.
- Specify the TCP port you want to make the receiving port.
- Click Save. The Splunk software begins to receive incoming data on the port you specified.
- Restart the Splunk software.
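The port check from the netstat step can be scripted before you save the receiving port. The following is an added example, not code from the Splunk documentation: the function names are hypothetical, the netstat sample is constructed, and 8000 and 8089 are the Splunk Web and splunkd management defaults, assumed unchanged on your instance.

```shell
#!/bin/sh
# Added example (not Splunk code): vet a candidate receiving port against
# `netstat -an` output in either the Linux or the Windows layout.

# Splunk defaults for Splunk Web and splunkd management; assumed unchanged.
SPLUNK_RESERVED="8000 8089"

# Constructed sample netstat output, not captured from a real host.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address  Foreign Address  State
tcp   0  0  0.0.0.0:8000   0.0.0.0:*       LISTEN
tcp   0  0  0.0.0.0:8089   0.0.0.0:*       LISTEN
tcp6  0  0  :::9997        :::*            LISTEN
tcp   0  0  10.0.0.5:8089  10.0.0.9:49970  ESTABLISHED
  TCP    0.0.0.0:9998    0.0.0.0:0    LISTENING'

# port_listening PORT: reads netstat lines on stdin; exit 0 if a TCP
# listener is bound to PORT on any local address.
port_listening() {
    awk -v port="$1" '
        tolower($1) ~ /^tcp/ && $NF ~ /^LISTEN/ {
            # Local address: field 2 on Windows (LISTENING), field 4 on Linux.
            addr = ($NF == "LISTENING") ? $2 : $4
            n = split(addr, parts, ":")   # port is the last ":" component
            if (parts[n] == port) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# check_receiver_port PORT [NETSTAT_TEXT]: prints invalid, reserved,
# in-use or free. Without NETSTAT_TEXT it runs netstat on this host.
check_receiver_port() {
    port=$1
    text=${2-$(netstat -an 2>/dev/null)}
    case "$port" in ''|*[!0-9]*) echo invalid; return 0 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo invalid; return 0
    fi
    for r in $SPLUNK_RESERVED; do
        if [ "$port" = "$r" ]; then echo reserved; return 0; fi
    done
    if printf '%s\n' "$text" | port_listening "$port"; then
        echo in-use
    else
        echo free
    fi
}

check_receiver_port 9997 "$SAMPLE_NETSTAT"   # vet 9997 against the sample
```

Only listening TCP sockets count as a conflict, so an established connection whose remote side happens to use the candidate port number does not block it.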
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8