Hi Gnewmann,

Apart from the above steps you mentioned, before that please let me know whether after installing Forwarders do i need configure outputs.conf or inuts.conf apart from Deployemnt server.conf & forwarder.conf

Thanks,

Ramu.R

For self-service deployments, if you follow the steps in http://docs.splunk.com/Documentation/SplunkCloud/7.0.0/User/ForwardDataToSplunkCloudFromLinux using Splunk Web (the Splunk user interface), you should be successful in configuring your universal forwarder and making a connection to your Splunk Cloud instance. Be sure to follow closely Steps 3, 4, and 5, and you should only have to configure the deployment server as noted in the instructions.

After following these steps, you should see your forwarder, and you should be able to configure data inputs.

You should not have to configure the outputs.conf, inputs.conf or forwarder.conf separately from the instructions listed in the link above to make a connection to your forwarder. The configuration instructions for outputs.conf and inputs.conf are for a Splunk Enterprise instance, not Splunk Cloud. This might be confusing in the Forwarding Data guide.

Please let me know if you are successful. If you continue to have issues, or you have a managed Splunk Cloud deployment, I can put you in touch with someone else that might be able to further help troubleshoot this issue.

Will try the mentioned steps & keep you posted.

Anywazz thanks you so much Gneumann...

Hi Gaurav,

Yes already executed that command as well but getting the below error :

Active forwards: None

Configured but inactive forwards:

Is there any error in _internal? Also did you configure receiving on indexer with 9997?