Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Unable To Forward Data To Splunk Cloud From Linux

tarunchawla28
Engager
‎03-17-2019 11:29 PM

Under my free trial version of Splunk Cloud, I am trying to send data from linux instance to splunk cloud.
I created an EC2 and configured the Universal Forwarder over it by following this documentation

https://docs.splunk.com/Documentation/SplunkCloud/7.2.4/User/ForwardDataToSplunkCloudFromLinux

Following this doc, after setting the deploy poll on my linux instance(where universal forwarder is installed), I can see the IP of my instance under available host (Setting-> Add data-> forward) in my splunk cloud. I select this host and for configuring source in my splunk cloud, I select the file or directory say as /var/log/auth.log.

I can't see anything in my search even if I do * and select time as all time.

Tags (1)
0 Karma
Reply

deepashri_123
Motivator
‎03-18-2019 02:34 AM

Hi tarunchawla28,

Have you enabled the receiver? Refer this link:
https://docs.splunk.com/Documentation/Splunk/7.2.4/AddMSWinCloud/EnableReceiver

Also in your search tab can u check index=* and run the query

Let me know if this helps!!

0 Karma
Reply

tarunchawla28
Engager
‎04-07-2019 10:44 PM

Did the whole thing again. After some time, I got the data from my linux instance. Can't say why it took time.

0 Karma
Reply
Get Updates on the Splunk Community!

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Automatic Discovery Part 2: Setup and Best Practices

In Part 1 of this series, we covered what Automatic Discovery is and why it’s critical for observability at ...