
How to get data from external machine to Splunk Enterprise?

New Member

Hi,
One of my clients has installed Splunk on an AWS Linux instance (an external test instance). He wants the log file to be monitored through the Splunk Enterprise hosted in our domain. I've made the changes in the /splunk/splunkforwarder/inputs.conf file with the source path, host and source type, but my question is: how will the data from that external machine (which is not in our domain) get monitored and indexed in our Splunk Enterprise environment? How will I achieve it, and what additional changes do I have to make?

Thanks and Regards,
Shribhagya

0 Karma

Path Finder

You have to edit the outputs.conf on your AWS machine to tell the forwarder where to send the data.

And enter something like this:

[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = 192.168.10.132:9997

[tcpout-server://192.168.10.132:9997]

And you need to enable your Splunk instance to listen on a given port.

SplunkTrust

You also need to ensure an AWS security group is defined to allow sending of data from the UF to your Splunk indexer(s).
Then make sure your firewall allows connections from the AWS server.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
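Added example, not part of the original replies: a small Python check that reads a forwarder's outputs.conf (the sample embedded below is the one posted above), lists the indexers the default tcpout group sends to, and flags targets given as private IP addresses, which a forwarder outside the network can only reach through a VPN or a NAT/public address. The function names are illustrative.

```python
import configparser
import ipaddress

# The outputs.conf posted in the reply above, embedded as sample input.
SAMPLE_OUTPUTS_CONF = """\
[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = 192.168.10.132:9997

[tcpout-server://192.168.10.132:9997]
"""


def _csv(value):
    """Split a comma-separated setting value into trimmed items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def forward_targets(conf_text):
    """Return the (host, port) pairs of the default tcpout group(s)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep setting names such as defaultGroup as written
    cp.read_string(conf_text)
    targets = []
    for group in _csv(cp.get("tcpout", "defaultGroup", fallback="")):
        for entry in _csv(cp.get(f"tcpout:{group}", "server", fallback="")):
            host, _, port = entry.rpartition(":")
            if host and port.isdigit():
                targets.append((host, int(port)))
    return targets


def review_targets(conf_text):
    """Flag targets that a forwarder outside the network cannot reach as written."""
    findings = []
    for host, port in forward_targets(conf_text):
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname: depends on what the forwarder's DNS resolves
        if addr.is_private:
            findings.append(f"{host}:{port} is not publicly routable; an external "
                            "forwarder needs a VPN or a NAT/public address")
    return findings


if __name__ == "__main__":
    for finding in review_targets(SAMPLE_OUTPUTS_CONF):
        print(finding)
```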

New Member

He has installed the Splunk Universal Forwarder on that AWS machine, and he wants the log file of that machine to be monitored under our Splunk Enterprise.

0 Karma

SplunkTrust

Please clarify. Has your client installed Splunk Enterprise on AWS or Splunk Universal Forwarder? What log files are you supposed to monitor?

---
If this reply helps you, an upvote would be appreciated.
0 Karma