Getting Data In

Can you forward data to the sandbox server with a universal forwarder?

svertner
New Member

I have setup a sandbox and wish to test the universal forwarder to send data to the sandbox. I do not see a way to add this data into the sandbox. I have installed the universal log forwarder on another external system and wanted to have it send data to the new sandbox. Is this possible?

0 Karma
1 Solution

ryoung_splunk
Splunk Employee
Splunk Employee

Since early December 2014 the steps to use a forwarder in the sandbox have changed. To forward data to a sandbox you can use Universal Forwarder App available in Splunk Online Sandbox. The Universal Forwarder App includes the information and credentials necessary to download, install, and authorize you to forward data to Splunk Online Sandbox. After you sign in to Splunk Online Sandbox, choose Universal Forwarder from the Apps menu, and follow the Universal Forwarder app instructions.

View solution in original post

ryoung_splunk
Splunk Employee
Splunk Employee

Since early December 2014 the steps to use a forwarder in the sandbox have changed. To forward data to a sandbox you can use Universal Forwarder App available in Splunk Online Sandbox. The Universal Forwarder App includes the information and credentials necessary to download, install, and authorize you to forward data to Splunk Online Sandbox. After you sign in to Splunk Online Sandbox, choose Universal Forwarder from the Apps menu, and follow the Universal Forwarder app instructions.

kristian_kolb
Ultra Champion

To understand how to do that, you may want to look closer on the "Getting Data In" section of the manual. The following to sub-sections relate to forwarders and their configuration.

http://docs.splunk.com/Documentation/Splunk/6.1.3/Data/Usingforwardingagents
http://docs.splunk.com/Documentation/Splunk/6.1.3/Data/Useforwardingagentstogetdata

/K

0 Karma

khourihan_splun
Splunk Employee
Splunk Employee

@svertner When you login to https://www.splunk.com/getsplunk/cloudtrial

click "See the status" and there you will get your URL that you use for the forwarder's outputs.conf. See my link above for more details.

0 Karma

svertner
New Member

I do not see a way to get the external IP address of the sandbox for this to work? I would assume based on what I am seeing in the sandbox that these are internal VM's and may not be accessible externally. Is that true?

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...