Getting Data In

How to configure a heavy forwarder with Splunk Cloud

marceloamorim
New Member

Guys,

I need to configure a heavy forwarder to work with Splunk cloud.
There are no documents about it on the Splunk base.
This tip does not work: https://answers.splunk.com/answers/478035/how-to-set-up-a-heavy-forwarder-to-forward-data-to.html

Could you help me?

Marcelo Amorim

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Have you looked at Splunk Docs (docs.splunk.com)?
There is a document about deploying heavy forwarders at https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/Forwarding/Deployaheavyforwarder
Installing a heavy forwarder for Splunk Cloud is nearly the same as for Splunk Enterprise. The only difference is you must download the universalforwarder app (don't let the name distract you) from your Cloud instance and install it on your HF.

---
If this reply helps you, Karma would be appreciated.
0 Karma

marceloamorim
New Member

Thanks Richgalloway! Just to make sure, I need to install both HF and UF?
Its necessary to do some configuration on the HF?

Marcelo.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

You do not need a UF, just a HF. The HF gets the same outputs.conf settings as a UF would, however, so it uses the app you download from your Splunk Cloud instance. IIRC, it's available from Apps->Universal Forwarder.

---
If this reply helps you, Karma would be appreciated.
0 Karma

marceloamorim
New Member

I understood that to send data to Splunk Cloud, I need to download and install the universal forwarder credentials. If I just configure HF to point to cloud without credential, will not work. Make sense?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, makes sense.

---
If this reply helps you, Karma would be appreciated.
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, we can help you, but we need more information. Explain what "does not work" means. What are the exact steps you took? What error messages do you get?

---
If this reply helps you, Karma would be appreciated.
0 Karma

marceloamorim
New Member

Hi Richgalloway!

I didnt took any steps. I am getting information about it
I need to install heavy forwarder because I am going to install Splunk Add-on for Microsoft SQL Server.
I am using Splunk Version 7.0.13 - Splunk Build b6e41c05f519

When I took a look on the documentation to deploy heavy forwarders and this document say to configure the following parameters to send data to Splunk Enterprise:
splunk add forward-server : -auth :
However, I am using Splunk Cloud.

When I took a look on the Splunk Cloud documentation, I found only information to configure universal forwarders, through credentials to comunicate with Splunk Cloud instance.

thanks,

Marcelo Amorim

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...