Re: Getting Windows data into Splunk Cloud - Page 2

theitgui · ‎05-10-2022

Good Morning,

I'm trialing Splunk Cloud in anticipation of a purchase. I have installed Splunk Enterprise as the deployment server and universal forwarders on three servers. My clients are showing up in "Forwarder Management" but I can't seem to get event logs from any servers except the deployment server. I have enabled firewall ports outbound 8089 and inbound 9997 on the deployment server. These are all Server 2019 machines.

I have verified inputs.conf is pointing event logs to index:wineventlog but that index locally has 0 results and about 112,000 results on the cloud server.

I'm sure it's something simple I'm missing with all the moving parts. Thank you in advance!

Stefanie · ‎05-10-2022

Are you using the 0MB Deployment Server License that the article mentions? That might be causing the issue.

Ultimately it seems that this issue is a little more complicated than initially anticipated. I would suggest working directly with Technical Support from Splunk.

theitgui · ‎05-10-2022

I am not. I wasn't sure how to go about getting the license for a Cloud free trial. Didn't seem to be geared toward Cloud trials.

Thank you for all of your help today. I do appreciate it.

How to get Windows data into Splunk Cloud?

inputs.conf

universal forwarder

Windows

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Are you a member of the Splunk Community?