When you sign up for Splunk Cloud, you receive an email with instructions for logging in to your Cloud account. You also receive an app for your forwarder which is unique to you and helps you to configure your forwarder to send data to your Cloud deployment as shown on the Cloud documentation http://docs.splunk.com/Documentation/SplunkCloud/latest/User/GetstartedwithSplunkCloud
According to step 3
"3. To help configure your forwarder, we've provided an app. Your app is unique to you. Unzip the attached file and move the entire unzipped directory into your forwarder app directory, /opt/splunkforwarder/etc/apps"
Where do I actually find this app? online in the App List? Does it get emailed?
So when you become a Splunk Cloud customer, you get a "Getting Started" email that has both your Cloud account login instructions and the forwarder app. The top of that page you're reading says to contact email@example.com to sign up for Splunk Cloud. Only then will you receive an email with everything you need. Have you done that first step yet? 🙂
I have to second what ppablo says: the page you are quoting from the documentation contains the complete answer to the question you asked. The top of that page explains: (1) When you sign up, you will receive a getting started email from your sales rep, and (2) the email will contain login instructions and the forwarder app. Then, the sentence that you quote says that the forwarder app is a file attached to that email. So that's where it is. From there, see the "CLI commands for input" topic, then restart your forwarder.
What's written above is true for Splunk Cloud. However, its presently different than the online sandbox. The online sandbox is not a full featured version of Splunk, there are limitations:
5 GB /day 15 day retention
5/GB Day License
28 GB total disk space
GUI Only no CLI
Open ports 443 and 9997
Whats new in the sandbox:
Drag and Drop inputs
Additional source types (27)
Whats not there:
No new inputs
No CLI, no ssh
Limited email alerts (2 per minute)
No API or SDK
There is no configuration app for the Sandbox. If you want to use a forwarder to send data into Splunk Cloud Sandbox, please follow these instructions:
,There is presently a difference between Splunk Cloud and Splunk Sandbox (free 2 week trial). Whats written about the "forwarder app" above is applicable to Splunk Cloud.
To get data into the Sandbox from the forwarder, you will not get a config app, you have to make the changes yourself. See this article on how to get data into the Sandbox.
Here is an example of how to setup the credentials to send data to your Splunkcloud deployment
The file is a SPL file 100mydeploymentnamesplunkcloud.spl
but if you want to rename it tar.gz you can untar it and check the content. (a default folder, a readme, maybe a cert folder in older versions)
To install the credentials :
if you are doing the install on the command line, use the splunk app install command with splunk running.
go to the splunk folder in the bin folder
splunk app install "path\to\100mydeploymentnamesplunkcloud.spl"
If you are using the default credentials, the user is "admin", the password "changeme"
if you want to use a third party deployment tool (chef, etc...)
untar the 100mydeploymentnamesplunkcloud.spl and push it to your forwarders in the apps folder
you want at the end something like
$SPLUNKHOME\etc\apps\100mydeploymentnamesplunkcloud with the default folder inside
if you want to use a splunk deployment server :
Make sure that you already have a license to enable the deployment server.
And make sure that your forwarders are all deployment-clients of this instance.
Then untar the app in the deployment server special folder deployment-apps
$SPLUNKHOME\etc\deployment-apps\100mydeploymentname_splunkcloud with the default folder inside
And use the UI manager or the serverclass.conf to define your classes and on which forwarder deploy which app.
my company signed up for cloud. but that was months ago. now i'm doing a new server. so any 'email' that someone might have gotten is gone.
so if you would kindly FIX the docs page https://frustratedcustomer.splunkcloud.com/en-US/app/splunkclouduf/setupuf
where the links are BROKEN, that might make it easier to perform these steps...
"Make sure that you didn't already tried to setup your forwarding destination, at install time, or using the CLI, or the MSI installer.
is just confusing. the instrux at the link said to run the MSI