All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to get data from external machine to Splunk Enterprise?

shribhagya
New Member
‎07-12-2019 02:40 AM

Hi,
One of my client has installed the Splunk on AWS - Linux instance (external Test instance). He wants the log file to be monitored through the Splunk Enterprise hosted in our domain. I've made the changes in /splunk/splunkforwarder/inputs.conf file with the source path,host and source type. but my question is how will the data from that external machine (which is not in our domain) will get monitored and indexed in our splunk enterprise environment? How will i achieve it and what additional changes I've to make?

Thanks and Regards,
Shribhagya

Tags (3)
0 Karma
Reply

pgerke_cc
Explorer
‎07-12-2019 08:52 AM

You have to edit the outputs.conf on your AWS mashine to tell the forwarder where to send the data.

And enter something like that:

[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = 192.168.10.132:9997

[tcpout-server://192.168.10.132:9997]

And you need to enable your Splunk instance to listen on a given port.

Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-12-2019 11:15 AM

You also need to ensure an AWS security group is defined to allow sending of data from the UF to your Splunk indexer(s).
Then make sure your firewall allows connections from the AWS server.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

shribhagya
New Member
‎07-12-2019 07:04 AM

He has installed splunk universal forwarder on that AWS machine and he wants the log file of that machine to be monitored under our Splunk Enterprise.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-12-2019 06:41 AM

Please clarify. Has your client installed Splunk Enterprise on AWS or Splunk Universal Forwarder? What log files are you supposed to monitor?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...