Issue While Onboarding the Data into Splunk Cloud

anandhalagarasa
Path Finder

I am new to Splunk Cloud. Recently we purchased Splunk Cloud for our organization, and I have received the Splunk Cloud URL from Support.

After that, I tried to ingest some logs from a server into Splunk Cloud by navigating to Splunk Cloud URL -> Universal Forwarder, and I followed the exact steps given at the URL below:

https://docs.splunk.com/Documentation/SplunkCloud/7.1.3/User/ForwardDataToSplunkCloudFromWindows

I downloaded and installed the UF on the machine, then downloaded the splunkclouduf.spl file and installed it as described. I restarted the Splunk Forwarder services, but I am still not able to see any internal logs for the server itself.

When I search index=_internal over the last 30 minutes, I get results for the indexers, search head and so on, but not for the particular host on which we installed the UF.

Also, when I check the splunkd.log of that host, I see these messages:

TcpOutputProc - The TCP output processor has paused the data flow. Forwarding to output group splunkcloud has been blocked for 61300 seconds. This will probably stall the data flow towards indexing and other network outputs. Review the receiving system's health in the Splunk Monitoring Console. It is probably not accepting data.

0 Karma

woodcock
Esteemed Legend

By default the data comes in on port 9997 for non-SSL and 9998 for SSL. Check for firewall blocks on those ports. This kind of thing is almost always the firewall.

0 Karma
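
One way to run the port check suggested in the answer above, as an added example that is not part of the original thread or Splunk's own tooling: it reads the `server` entries of a forwarder's outputs.conf and classifies a plain TCP connect to each one. The sample configuration and its host names are constructed placeholders, and `tcpout_targets` and `probe` are hypothetical helper names.

```python
import re
import socket

# Constructed sample of a forwarder outputs.conf; host names are placeholders.
SAMPLE_OUTPUTS_CONF = """\
[tcpout]
defaultGroup = splunkcloud

[tcpout:splunkcloud]
server = inputs1.example.invalid:9997, inputs2.example.invalid:9997
"""

def tcpout_targets(conf_text):
    """Return (group, host, port) for each 'server' entry in a [tcpout:<group>] stanza."""
    targets, group = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        stanza = re.fullmatch(r"\[(.*)\]", line)
        if stanza:
            name = stanza.group(1)
            group = name.split(":", 1)[1] if name.startswith("tcpout:") else None
            continue
        key, _, value = line.partition("=")
        if group and key.strip() == "server":
            for entry in value.split(","):
                host, _, port = entry.strip().rpartition(":")
                if host and port.isdigit():
                    targets.append((group, host, int(port)))
    return targets

def probe(host, port, timeout=5.0):
    """Attempt a plain TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"   # name did not resolve from this host
    except socket.timeout:
        return "timeout"       # packets silently dropped: typical of a firewall block
    except ConnectionRefusedError:
        return "refused"       # host reached, nothing accepting on that port
    except OSError as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    for group, host, port in tcpout_targets(SAMPLE_OUTPUTS_CONF):
        print(f"{group}: {host}:{port} -> {probe(host, port)}")
```

Run it on the forwarder host against the text of its own outputs.conf; an `open` result only shows the port is reachable at the TCP level.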