See the Splunk documentation to install the forwarder software on the Splunk forwarding server and connect it to the server/indexer. After the forwarder is installed, follow these steps to add the Ironstream Proxy Server to the list of sources for the forwarder:
Edit the inputs.conf file in this directory:
On Windows: \Splunk installation directory\etc\system\local\
On Linux: /Splunk installation directory/etc/system/local/
(Create a new inputs.conf file in this directory if it does not already exist.)
Add these five lines to the end of the inputs.conf and save the file. On Linux:
[monitor:///var/opt/OV/log/vp400/ev400.insight.*.log*] host_regex = ev400\.insight\.(.+)\.log*
index = IS4i sourcetype = _json disabled = false On Windows:
[monitor://C:\Program Files\EView Technology\EView400i\log\ev400.insight.*.log*]
host_regex = ev400\.insight\.(.+)\.log* index = IS4i
sourcetype = _json disabled = false
If the installation path was changed during the installation, modify the first line to reference the
new path.
The index value should be changed to a site-defined index name.
Restart the Splunk forwarder.
On Linux: /Splunk installation directory/bin/splunk restart
On Windows: Restart the Splunk forwarder service "splunkd" from the Services utility.