I am building firewall policies to implement an on-premise Splunk Enterprise system and need to forward some data to a Splunk Cloud instance.
What communication ports are used?
Hi Panderla,
There is an excellent answer available here:
In short, you need to allow your TCP port 9997 to the cloud indexers, which you can find/resolve from the splunk_forwarder_app in outputs.conf