Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Unable To Forward Data To Splunk Cloud From Linux

tarunchawla28
Engager
‎03-17-2019 11:29 PM

Under my free trial version of Splunk Cloud, I am trying to send data from linux instance to splunk cloud.
I created an EC2 and configured the Universal Forwarder over it by following this documentation

https://docs.splunk.com/Documentation/SplunkCloud/7.2.4/User/ForwardDataToSplunkCloudFromLinux

Following this doc, after setting the deploy poll on my linux instance(where universal forwarder is installed), I can see the IP of my instance under available host (Setting-> Add data-> forward) in my splunk cloud. I select this host and for configuring source in my splunk cloud, I select the file or directory say as /var/log/auth.log.

I can't see anything in my search even if I do * and select time as all time.

Tags (1)
0 Karma
Reply

deepashri_123
Motivator
‎03-18-2019 02:34 AM

Hi tarunchawla28,

Have you enabled the receiver? Refer this link:
https://docs.splunk.com/Documentation/Splunk/7.2.4/AddMSWinCloud/EnableReceiver

Also in your search tab can u check index=* and run the query

Let me know if this helps!!

0 Karma
Reply

tarunchawla28
Engager
‎04-07-2019 10:44 PM

Did the whole thing again. After some time, I got the data from my linux instance. Can't say why it took time.

0 Karma
Reply
Get Updates on the Splunk Community!

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...