I need to configure a heavy forwarder to work with Splunk cloud.
There are no documents about it on the Splunk base.
This tip does not work: https://answers.splunk.com/answers/478035/how-to-set-up-a-heavy-forwarder-to-forward-data-to.html
Could you help me?
Yes, we can help you, but we need more information. Explain what "does not work" means. What are the exact steps you took? What error messages do you get?
I didnt took any steps. I am getting information about it
I need to install heavy forwarder because I am going to install Splunk Add-on for Microsoft SQL Server.
I am using Splunk Version 7.0.13 - Splunk Build b6e41c05f519
When I took a look on the documentation to deploy heavy forwarders and this document say to configure the following parameters to send data to Splunk Enterprise:
splunk add forward-server : -auth :
However, I am using Splunk Cloud.
When I took a look on the Splunk Cloud documentation, I found only information to configure universal forwarders, through credentials to comunicate with Splunk Cloud instance.
Have you looked at Splunk Docs (docs.splunk.com)?
There is a document about deploying heavy forwarders at https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/Forwarding/Deployaheavyforwarder
Installing a heavy forwarder for Splunk Cloud is nearly the same as for Splunk Enterprise. The only difference is you must download the universalforwarder app (don't let the name distract you) from your Cloud instance and install it on your HF.
Thanks Richgalloway! Just to make sure, I need to install both HF and UF?
Its necessary to do some configuration on the HF?
You do not need a UF, just a HF. The HF gets the same outputs.conf settings as a UF would, however, so it uses the app you download from your Splunk Cloud instance. IIRC, it's available from Apps->Universal Forwarder.
I understood that to send data to Splunk Cloud, I need to download and install the universal forwarder credentials. If I just configure HF to point to cloud without credential, will not work. Make sense?