Re: Getting Windows data into Splunk Cloud - Page 2

theitgui · ‎05-10-2022

Good Morning,

I'm trialing Splunk Cloud in anticipation of a purchase. I have installed Splunk Enterprise as the deployment server and universal forwarders on three servers. My clients are showing up in "Forwarder Management" but I can't seem to get event logs from any servers except the deployment server. I have enabled firewall ports outbound 8089 and inbound 9997 on the deployment server. These are all Server 2019 machines.

I have verified inputs.conf is pointing event logs to index:wineventlog but that index locally has 0 results and about 112,000 results on the cloud server.

I'm sure it's something simple I'm missing with all the moving parts. Thank you in advance!

Stefanie · ‎05-10-2022

Are you using the 0MB Deployment Server License that the article mentions? That might be causing the issue.

Ultimately it seems that this issue is a little more complicated than initially anticipated. I would suggest working directly with Technical Support from Splunk.

theitgui · ‎05-10-2022

I am not. I wasn't sure how to go about getting the license for a Cloud free trial. Didn't seem to be geared toward Cloud trials.

Thank you for all of your help today. I do appreciate it.

How to get Windows data into Splunk Cloud?

inputs.conf

universal forwarder

Windows

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Mile High Learning with Splunk University, Denver, Colorado

IT Service Intelligence 5.0 Series: Your Guide to the June Launch

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Join the Conversation