Splunk® Light (Legacy)

Getting Started Manual

Download manual as PDF

This documentation does not apply to the most recent version of SplunkLight. Click here for the latest version.
Download topic as PDF

Receive data from a forwarder

On the Add Data view, you can use Forward to configure the types of data to receive from a universal forwarder. The universal forwarder is a separate Splunk software product that you need to install and configure before you can add a receiving data input in Splunk Light.

Before you continue, see Install and deploy a universal forwarder in the Installation Manual.

Set up this Splunk Light instance to receive data

1. In the sidebar menu, under Data, select Receiving.

2. In the Configure receiving page, type in the receiving TCP port number next to Listen on this port.

This is the TCP port you want the receiver to listen on (also known as the receiving port). You can specify any unused port. You can use a tool, such as netstat, to determine what ports are available on your system.

3. Click Save.

Add a data input to receive from the universal forwarder

If you configure the forwarder to act as a deployment client, you can follow these steps to add data inputs from selected forwarders.

1. In the Add Data view, click Forward.

If you did not configure your universal forwarder to communicate with this Splunk Light instance and act as a deployment client, this page will not display the Forward data inputs options. To configure the forwarder to act as a deployment client, see Install and deploy a universal forwarder in the Installation Manual.

Under Select Forwarders, you can create a new server class or select from existing server classes.

2. To add a new server class, click New next to Select Server Class.

Available host(s) lists the hostnames for the universal forwarders that your instance can poll.

3. Under Available host(s), select one or more hosts to add to your server class.

4. Next to New Server Class Name, enter a name for your server class.

5. Click Next to continue to the Select Source step.

6. Choose the source of the data to receive from the forwarder. Your source options include:

  • Files & Directories for file uploads and directory monitoring.
  • TCP/UDP for network port inputs.
  • Scripts for data from APIs and services.

7. Click Next to continue to the Input Settings step.

8. Next to Sourcetype, select the source type method.

9. (Optional) Next to Index, select a different index or create a new index to store the incoming data.

Searches automatically run against data stored in the Default and main indexes. If you change the index where incoming data is stored, you need to specify that index each time you want to search that data.

10. Review your receiving data input.

11. Click Submit.

Last modified on 10 March, 2016
PREVIOUS
Monitor network ports
  NEXT
Configure an add-on to add data

This documentation applies to the following versions of Splunk® Light (Legacy): 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters