Configure Splunk to Forward Data

Perform the following procedure on the Splunk Indexer from which you want to forward data to the LCE Splunk Client.

Steps

  1. Access Splunk Web as a user with Administrator privileges.
  2. At the top of the Splunk Web interface, click Settings, and then click Forwarding and receiving.

    The Forwarding and receiving page appears.

  3. In the Configure forwarding row, in the Actions column, click the Add new link.

    The Add new page appears.

  4. In the Host box, type the IP address of the LCE Splunk Client host, and then click the Save button.

    The IP address is saved. On the Splunk Web interface, the IP address appears on the Forward data page.

  5. Access the Splunk Indexer as the root user.
  6. Edit the outputs.conf file, usually located at /opt/splunk/etc/system/local/outputs.conf. The lines you must add appear in bold.

    [tcpout]
    defaultGroup = default
    disabled = 0
    indexAndForward = 1

    [tcpout-server://LCE_IP_OR_Hostname:9800]

    [tcpout:default]
    disabled = 0
    server = LCE_IP_OR_Hostname:9800
    sendCookedData = false

  7. Save the file, and then restart the Splunk services.

    Data will now be forwarded to the LCE Splunk Client.
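To check the edit from step 6 before restarting Splunk, the following added example (not code from Tenable or Splunk) parses outputs.conf text and lists every setting that differs from the values shown above. The function names and the 192.0.2.10 address are assumptions made for illustration.

```python
import re

# Values from step 6 of this page; compared literally (case-insensitive).
REQUIRED = {
    "tcpout": {"defaultGroup": "default", "disabled": "0", "indexAndForward": "1"},
    "tcpout:default": {"disabled": "0", "sendCookedData": "false"},
}
# Constructed samples: 192.0.2.10 is a documentation address, not a real LCE host.
GOOD = """[tcpout]
defaultGroup = default
disabled = 0
indexAndForward = 1
[tcpout-server://192.0.2.10:9800]
[tcpout:default]
disabled = 0
server = 192.0.2.10:9800
sendCookedData = false
"""
BAD = GOOD.replace(":9800", ":9997").replace("sendCookedData = false\n", "")

def parse_conf(text):
    """Parse .conf text into {stanza: {key: value}}; a repeated key keeps the last value."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def check_outputs(text, lce_host, port=9800):
    """Return the list of deviations from step 6; an empty list means none."""
    conf, target, problems = parse_conf(text), f"{lce_host}:{port}", []
    for stanza, wanted in REQUIRED.items():
        have = conf.get(stanza, {})
        for key, value in wanted.items():
            if have.get(key, "").lower() != value:
                problems.append(f"[{stanza}] {key} = {have.get(key)!r}, expected {value}")
    servers = conf.get("tcpout:default", {}).get("server", "")
    if target not in [s.strip() for s in servers.split(",")]:
        problems.append(f"[tcpout:default] server does not list {target}")
    if f"tcpout-server://{target}" not in conf:
        problems.append(f"missing stanza [tcpout-server://{target}]")
    return problems

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_outputs(text, "192.0.2.10") or "matches step 6")
```

To run it against the real file, pass the contents of /opt/splunk/etc/system/local/outputs.conf and the LCE Splunk Client address to `check_outputs`.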

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.