Okay, our goal is to capture data from a local database using DB connect to query the data and Splunk Heavy Fowarder to push the data up to a Splunk Cloud instance.
Where we are:
The help we need:
Nareshinsvu, once an index is created and enabled on the Splunk cloud environment, how do we ensure that data pushed from our Heavy Forwarder is sent directly into the index we created and enabled?
You should probably raise a Support ticket for your data integrity and security related queries. As per their docs,
Data Segregation for Splunk Cloud
Splunk Cloud deployments run in a secured environment, and your data exists on virtually dedicated servers to ensure it remains isolated from other customers’ data.
My question was unrelated to data integrity and security but rather, once an index is created how do we ensure data from the Heavy Forwarder pushes the data collected into the index we establish on the Splunk Cloud. Do you know the answer to this?
I would think somewhere on the Heavy Forwarder you will have to specify where (what index name) you want the data to reside in once pushed to the Splunk Cloud, no?
Do go through the conf files involved in Data forwarding before jumping into your environment.
outputs.conf - Indexer discovery etc happens here
inputs.conf - target index, source and sourcetype to be defined here
props.conf & transforms.conf - Filter and extractions of your data to be defined here.
Sounds like you didn't install the forwarder app you can download from your Splunk Cloud instance. It will have all the right settings and certificates to send data to Splunk Cloud.