
Thursday, July 23, 2015

Install Splunk Forwarding and Receiving

We will be using Splunk Light.

Click on the menu icon at the upper right corner. Choose Data -> Receiving.

In Configure receiving, choose 9997 as the receiving port.

On your application instance, install the Splunk Universal Forwarder:

http://www.splunk.com/en_us/download/universal-forwarder.html

Extract the archive into the /opt/splunk_forwarder directory. The splunk binary lives in its bin subdirectory, so run the remaining commands from there:

cd /opt/splunk_forwarder/bin
sudo ./splunk start
sudo ./splunk enable boot-start -user ec2-user

List all the forward servers:
./splunk list forward-server

Active forwards:
None
Configured but inactive forwards:
None

If it prompts you for a username and password, use the Splunk defaults:
username: admin
password: changeme
Change this default password once the forwarder is running.

Add the receiving server to the forwarder, substituting the hostname or IP address of your Splunk Light instance for the <receiver-host> placeholder:

./splunk add forward-server <receiver-host>:9997

Test the connection:
./splunk list forward-server

Active forwards:
None
Configured but inactive forwards:
<receiver-host>:9997

If the forward stays under "Configured but inactive", remember to allow inbound TCP port 9997 from the forwarder in the receiving instance's security group.
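The connection test above is easy to script for a health check. The following is an added example, not from the original post: it parses the output of `splunk list forward-server` and reports whether a given receiver is active, configured-but-inactive, or missing. The <receiver-host> placeholder and the /opt/splunk_forwarder/bin path are assumptions carried over from the steps above.

```shell
#!/bin/sh
# Added example (not from the original post).
# forward_state RECEIVER OUTPUT
#   RECEIVER: the host:port string passed to `splunk add forward-server`
#   OUTPUT:   the text printed by `splunk list forward-server`
# Prints one of: active | inactive | missing
forward_state() {
  target="$1"
  output="$2"
  printf '%s\n' "$output" | awk -v target="$target" '
    /^Active forwards:/                  { section = "active";   next }
    /^Configured but inactive forwards:/ { section = "inactive"; next }
    # First field is the host:port entry; "None" never matches a real target
    $1 == target && section != ""        { state = section; exit }
    END { print (state == "" ? "missing" : state) }
  '
}

# Constructed sample outputs mirroring the two listings in the post.
SAMPLE_INACTIVE='Active forwards:
None
Configured but inactive forwards:
<receiver-host>:9997'

SAMPLE_ACTIVE='Active forwards:
<receiver-host>:9997
Configured but inactive forwards:
None'

# Probe the real forwarder when it is installed at the path used above
# (assumed layout: $SPLUNK_HOME/bin/splunk).
if [ -x /opt/splunk_forwarder/bin/splunk ]; then
  forward_state "<receiver-host>:9997" \
    "$(/opt/splunk_forwarder/bin/splunk list forward-server)"
fi
```

Run the probe from cron and alert on anything other than "active" to catch a forwarder that silently lost its receiver.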

Add data to monitor. Give the file or directory to watch and the sourcetype that matches its format (placeholders in angle brackets):

./splunk add monitor <path> -index main -sourcetype <sourcetype>

To list what's being monitored:

./splunk list monitor