Set up a receiver

To collect logs from remote machines, you need to configure both a receiver and a forwarder. The receiver is the Splunk instance that receives the data. It can be either a Splunk indexer or another forwarder configured to receive data from forwarders.

You can use Splunk Web to set up a Splunk instance to serve as a receiver. Log in to Splunk Web using the administrative account and go to Settings > Forwarding and Receiving:

[Screenshot: forwarding and receiving]

Click Add new under the Receive data section:

[Screenshot: configure receiving]

Specify the TCP port that you want the receiver to listen on. The port is usually 9997:

[Screenshot: configure receiving port]

Depending on the Splunk version, you might need to restart Splunk to apply the changes.
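
After applying the change, you can confirm that the receiver is configured and actually listening. The following is an added example, not part of the original tutorial or Splunk's own tooling: it parses inputs.conf text for receiver stanzas (Splunk stores receiving ports there as `[splunktcp://<port>]` or `[splunktcp-ssl:<port>]`) and tests whether each port accepts TCP connections. The function names and the sample configuration are constructed for illustration.

```python
import re
import socket

# Matches [splunktcp://9997], [splunktcp://10.0.0.5:9997], [splunktcp:9997], [splunktcp-ssl:9998]
STANZA = re.compile(r"^\[(splunktcp(?:-ssl)?):(?://)?(?:[^:\]]*:)?(\d+)\]$")
TRUTHY = {"1", "true", "t", "yes", "y"}

def receiving_ports(conf_text):
    """Return one dict per receiver stanza found in inputs.conf text."""
    receivers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            m = STANZA.match(line)
            current = None  # settings under non-receiver stanzas are ignored
            if m:
                current = {"port": int(m.group(2)),
                           "ssl": m.group(1).endswith("-ssl"), "disabled": False}
                receivers.append(current)
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "disabled":
                current["disabled"] = value.lower() in TRUTHY
    return receivers

def is_listening(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample, not taken from a real deployment.
SAMPLE_INPUTS_CONF = """\
[monitor:///var/log/messages]
disabled = 0
[splunktcp://9997]
disabled = 0
[splunktcp-ssl:9998]
disabled = 1
"""

if __name__ == "__main__":
    for r in receiving_ports(SAMPLE_INPUTS_CONF):
        up = is_listening("127.0.0.1", r["port"])
        print(f"port={r['port']} ssl={r['ssl']} disabled={r['disabled']} listening={up}")
```

An enabled stanza whose port is not listening usually means the restart mentioned above is still pending or a host firewall is blocking the port.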
Geek University 2021