Re: Getting Windows data into Splunk Cloud - Page 2

theitgui · ‎05-10-2022

Good Morning,

I'm trialing Splunk Cloud in anticipation of a purchase. I have installed Splunk Enterprise as the deployment server and universal forwarders on three servers. My clients are showing up in "Forwarder Management" but I can't seem to get event logs from any servers except the deployment server. I have enabled firewall ports outbound 8089 and inbound 9997 on the deployment server. These are all Server 2019 machines.

I have verified inputs.conf is pointing event logs to index:wineventlog but that index locally has 0 results and about 112,000 results on the cloud server.

I'm sure it's something simple I'm missing with all the moving parts. Thank you in advance!

Stefanie · ‎05-10-2022

Are you using the 0MB Deployment Server License that the article mentions? That might be causing the issue.

Ultimately it seems that this issue is a little more complicated than initially anticipated. I would suggest working directly with Technical Support from Splunk.

theitgui · ‎05-10-2022

I am not. I wasn't sure how to go about getting the license for a Cloud free trial. Didn't seem to be geared toward Cloud trials.

Thank you for all of your help today. I do appreciate it.

How to get Windows data into Splunk Cloud?

inputs.conf

universal forwarder

Windows

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!