Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to configure a heavy forwarder with Splunk Cloud

marceloamorim
New Member
‎12-04-2019 07:49 AM

Guys,

I need to configure a heavy forwarder to work with Splunk cloud.
There are no documents about it on the Splunk base.
This tip does not work: https://answers.splunk.com/answers/478035/how-to-set-up-a-heavy-forwarder-to-forward-data-to.html

Could you help me?

Marcelo Amorim

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-04-2019 08:20 AM

Have you looked at Splunk Docs (docs.splunk.com)?
There is a document about deploying heavy forwarders at https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/Forwarding/Deployaheavyforwarder
Installing a heavy forwarder for Splunk Cloud is nearly the same as for Splunk Enterprise. The only difference is you must download the universalforwarder app (don't let the name distract you) from your Cloud instance and install it on your HF.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

marceloamorim
New Member
‎12-04-2019 09:30 AM

Thanks Richgalloway! Just to make sure, I need to install both HF and UF?
Its necessary to do some configuration on the HF?

Marcelo.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-04-2019 10:05 AM

You do not need a UF, just a HF. The HF gets the same outputs.conf settings as a UF would, however, so it uses the app you download from your Splunk Cloud instance. IIRC, it's available from Apps->Universal Forwarder.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

marceloamorim
New Member
‎12-05-2019 04:50 AM

I understood that to send data to Splunk Cloud, I need to download and install the universal forwarder credentials. If I just configure HF to point to cloud without credential, will not work. Make sense?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-11-2019 03:56 AM

Yes, makes sense.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-04-2019 08:17 AM

Yes, we can help you, but we need more information. Explain what "does not work" means. What are the exact steps you took? What error messages do you get?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

marceloamorim
New Member
‎12-04-2019 09:25 AM

Hi Richgalloway!

I didnt took any steps. I am getting information about it
I need to install heavy forwarder because I am going to install Splunk Add-on for Microsoft SQL Server.
I am using Splunk Version 7.0.13 - Splunk Build b6e41c05f519

When I took a look on the documentation to deploy heavy forwarders and this document say to configure the following parameters to send data to Splunk Enterprise:
splunk add forward-server : -auth :
However, I am using Splunk Cloud.

When I took a look on the Splunk Cloud documentation, I found only information to configure universal forwarders, through credentials to comunicate with Splunk Cloud instance.

thanks,

Marcelo Amorim

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...