Getting Data In
Highlighted

How to configure a heavy forwarder with Splunk Cloud

New Member

Guys,

I need to configure a heavy forwarder to work with Splunk cloud.
There are no documents about it on the Splunk base.
This tip does not work: https://answers.splunk.com/answers/478035/how-to-set-up-a-heavy-forwarder-to-forward-data-to.html

Could you help me?

Marcelo Amorim

0 Karma
Highlighted

Re: How to configure a heavy forwarder with Splunk Cloud

SplunkTrust
SplunkTrust

Yes, we can help you, but we need more information. Explain what "does not work" means. What are the exact steps you took? What error messages do you get?

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Highlighted

Re: How to configure a heavy forwarder with Splunk Cloud

New Member

Hi Richgalloway!

I didnt took any steps. I am getting information about it
I need to install heavy forwarder because I am going to install Splunk Add-on for Microsoft SQL Server.
I am using Splunk Version 7.0.13 - Splunk Build b6e41c05f519

When I took a look on the documentation to deploy heavy forwarders and this document say to configure the following parameters to send data to Splunk Enterprise:
splunk add forward-server : -auth :
However, I am using Splunk Cloud.

When I took a look on the Splunk Cloud documentation, I found only information to configure universal forwarders, through credentials to comunicate with Splunk Cloud instance.

thanks,

Marcelo Amorim

0 Karma
Highlighted

Re: How to configure a heavy forwarder with Splunk Cloud

SplunkTrust
SplunkTrust

Have you looked at Splunk Docs (docs.splunk.com)?
There is a document about deploying heavy forwarders at https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/Forwarding/Deployaheavyforwarder
Installing a heavy forwarder for Splunk Cloud is nearly the same as for Splunk Enterprise. The only difference is you must download the universalforwarder app (don't let the name distract you) from your Cloud instance and install it on your HF.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Highlighted

Re: How to configure a heavy forwarder with Splunk Cloud

New Member

Thanks Richgalloway! Just to make sure, I need to install both HF and UF?
Its necessary to do some configuration on the HF?

Marcelo.

0 Karma
Highlighted

Re: How to configure a heavy forwarder with Splunk Cloud

SplunkTrust
SplunkTrust

You do not need a UF, just a HF. The HF gets the same outputs.conf settings as a UF would, however, so it uses the app you download from your Splunk Cloud instance. IIRC, it's available from Apps->Universal Forwarder.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Highlighted

Re: How to configure a heavy forwarder with Splunk Cloud

New Member

I understood that to send data to Splunk Cloud, I need to download and install the universal forwarder credentials. If I just configure HF to point to cloud without credential, will not work. Make sense?

0 Karma
Highlighted

Re: How to configure a heavy forwarder with Splunk Cloud

SplunkTrust
SplunkTrust

Yes, makes sense.

---
If this reply helps you, an upvote would be appreciated.
0 Karma