Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Unable To Forward Data To Splunk Cloud From Linux

tarunchawla28
Engager
‎03-17-2019 11:29 PM

Under my free trial version of Splunk Cloud, I am trying to send data from linux instance to splunk cloud.
I created an EC2 and configured the Universal Forwarder over it by following this documentation

https://docs.splunk.com/Documentation/SplunkCloud/7.2.4/User/ForwardDataToSplunkCloudFromLinux

Following this doc, after setting the deploy poll on my linux instance(where universal forwarder is installed), I can see the IP of my instance under available host (Setting-> Add data-> forward) in my splunk cloud. I select this host and for configuring source in my splunk cloud, I select the file or directory say as /var/log/auth.log.

I can't see anything in my search even if I do * and select time as all time.

Tags (1)
0 Karma
Reply

deepashri_123
Motivator
‎03-18-2019 02:34 AM

Hi tarunchawla28,

Have you enabled the receiver? Refer this link:
https://docs.splunk.com/Documentation/Splunk/7.2.4/AddMSWinCloud/EnableReceiver

Also in your search tab can u check index=* and run the query

Let me know if this helps!!

0 Karma
Reply

tarunchawla28
Engager
‎04-07-2019 10:44 PM

Did the whole thing again. After some time, I got the data from my linux instance. Can't say why it took time.

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...