How to get data from external machine to Splunk Enterprise?

shribhagya
New Member

Hi,
One of my clients has installed Splunk on an AWS Linux instance (external test instance). He wants the log file to be monitored through the Splunk Enterprise hosted in our domain. I've made the changes in the /splunk/splunkforwarder/inputs.conf file with the source path, host and source type. But my question is: how will the data from that external machine (which is not in our domain) get monitored and indexed in our Splunk Enterprise environment? How will I achieve it, and what additional changes do I have to make?

Thanks and Regards,
Shribhagya

0 Karma

pgerke_cc
Explorer

You have to edit the outputs.conf on your AWS machine to tell the forwarder where to send the data.

And enter something like that:

[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = 192.168.10.132:9997

[tcpout-server://192.168.10.132:9997]

And you need to enable your Splunk instance to listen on a given port.

richgalloway
SplunkTrust

You also need to ensure an AWS security group is defined to allow sending of data from the UF to your Splunk indexer(s).
Then make sure your firewall allows connections from the AWS server.

---
If this reply helps you, Karma would be appreciated.
0 Karma
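The replies above name three things that must line up: the forwarder's outputs.conf target, a listening receiving port on the indexer, and an AWS security group and firewall that allow the connection. The following is an added example, not code from the thread or from Splunk: it resolves the default target group in an outputs.conf and tests a TCP connection to each server, and is meant to be run on the forwarder host. The function names are hypothetical and the sample file is the one from the reply above.

```python
import configparser
import socket

# Constructed sample: the outputs.conf from the reply above.
SAMPLE_OUTPUTS_CONF = """\
[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = 192.168.10.132:9997

[tcpout-server://192.168.10.132:9997]
"""

def forward_targets(conf_text):
    """Return (group, host, port) for every server in the defaultGroup target groups."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written (defaultGroup)
    cp.read_string(conf_text)
    targets = []
    for group in cp.get("tcpout", "defaultGroup", fallback="").split(","):
        group = group.strip()
        if not group:
            continue
        stanza = f"tcpout:{group}"
        if not cp.has_section(stanza):
            raise ValueError(f"defaultGroup names {group!r} but [{stanza}] is missing")
        for entry in filter(None, (e.strip() for e in cp.get(stanza, "server", fallback="").split(","))):
            host, _, port = entry.rpartition(":")
            targets.append((group, host, int(port)))
    return targets

def can_connect(host, port, timeout=3.0):
    """True if a TCP connect succeeds: receiver listening, no security group or firewall in the way."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    for group, host, port in forward_targets(SAMPLE_OUTPUTS_CONF):
        state = "reachable" if can_connect(host, port) else "blocked or not listening"
        print(f"{group}: {host}:{port} {state}")
```

A failed connect does not say which layer dropped it; check the indexer's listening port first, then the security group and firewall rules.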

shribhagya
New Member

He has installed Splunk Universal Forwarder on that AWS machine and he wants the log file of that machine to be monitored under our Splunk Enterprise.

0 Karma

richgalloway
SplunkTrust

Please clarify. Has your client installed Splunk Enterprise on AWS or Splunk Universal Forwarder? What log files are you supposed to monitor?

---
If this reply helps you, Karma would be appreciated.
0 Karma