Getting Data In

How to configure Splunk Light cloud service?

gingersoftware
New Member

Hi guys,

I'm using a Splunk Enterprise on my own server. Recently we have played with the idea of moving to "Splunk Light" cloud service and I'm trying to configure a test environment on the "Splunk Light" cloud, and I have some difficulties.

  1. Originally, I'm sending data from my application servers to my Splunk server via a TCP port to the Splunk server IP (without Forwarder). Where can I find the IP or FQDN of the "Splunk Light" to send the data to? I cannot find it anywhere.

  2. In my current Splunk server, I use TCP Local Data Inputs. In "Splunk Light" cloud TCP Local Data is not listed as an option for Local TCP Data Inputs. So, where should I add the port listener?

  3. I need to filter out some data I receive. In my own Splunk server I'm using "transforms.conf" and "props.conf" files. How do I access these files in the "Splunk Light" service, or alternatively, is there a way to filter out data from the "Splunk Light" management board?

Thanks for your help.

Michael

0 Karma

dkoshe_splunk
Splunk Employee
Splunk Employee

Hello Michael,

Let's talk about #2. On Cloud Service, creating local TCP inputs is not supported, for the security compliance reasons.
For #1, I am assuming that you are sending data to a local TCP input port, and hence that's not going to work (as per my comment above)
For #3, have you looked at defining transforms via UI? Some of the configurations can be done via UI form the Knowledge -> Fields menu options. Please let us know if you can update all necessary settings via UI.

When using Cloud service, Universal forwarders is the primary way to send data to cloud service. You can find information about that here: http://docs.splunk.com/Documentation/SplunkLight/6.3.3/Cloud/ForwarddatatoSplunkLightcloudservice.

Another option for you to consider is sending data via HTTP Inputs, which are fully supported in Splunk Light Cloud service, if you do not want to use forwarders.

There is always and option to install heavyweight forwarder on your network, which can open Local TCP inputs to receive data, and then forward to the cloud service (using the same process described in the link above)

Hope this helps.
-DJ

gingersoftware
New Member

Thank you DJ,

Yes, your information was useful.

Can you say if there is a way to import our existing dashboards, reports and alerts to Splunk Light?
I did not find any way. Is there a hidden way I can import them?

Also, we currently use HTTP inputs from our other clients via HTTPS with our own SSL certificate.

Is there a possibility to use our own SSL cert in Splunk light or cloud?
If not, what are our options for a reasonable solution to work with HTTPS?

Thanks,
Michael

0 Karma

dkoshe_splunk
Splunk Employee
Splunk Employee

I am not aware of any way to import existing dashboards/reports/alerts to Splunk Light cloud instance.
That sounds like a darn good enhancement request to Splunk Light.

Splunk Light Cloud service only supports HTTPS for HTTP Event collector. I don't think there is a way to use custom certs on Splunk Light Cloud. I strongly suggest you use heavyweight forwarder as a intermediate node for your existing sources to send data to, and heavyweight forwarder sends data to the cloud service.

Hope this helps.
-DJ

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...