- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to get Windows data into Splunk Cloud?
Good Morning,
I'm trialing Splunk Cloud in anticipation of a purchase. I have installed Splunk Enterprise as the deployment server and universal forwarders on three servers. My clients are showing up in "Forwarder Management" but I can't seem to get event logs from any servers except the deployment server. I have enabled firewall ports outbound 8089 and inbound 9997 on the deployment server. These are all Server 2019 machines.
I have verified inputs.conf is pointing event logs to index:wineventlog but that index locally has 0 results and about 112,000 results on the cloud server.
I'm sure it's something simple I'm missing with all the moving parts. Thank you in advance!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you using the 0MB Deployment Server License that the article mentions? That might be causing the issue.
Ultimately it seems that this issue is a little more complicated than initially anticipated. I would suggest working directly with Technical Support from Splunk.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am not. I wasn't sure how to go about getting the license for a Cloud free trial. Didn't seem to be geared toward Cloud trials.
Thank you for all of your help today. I do appreciate it.
