Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Unable To Forward Data To Splunk Cloud From Linux

tarunchawla28
Engager
‎03-17-2019 11:29 PM

Under my free trial version of Splunk Cloud, I am trying to send data from linux instance to splunk cloud.
I created an EC2 and configured the Universal Forwarder over it by following this documentation

https://docs.splunk.com/Documentation/SplunkCloud/7.2.4/User/ForwardDataToSplunkCloudFromLinux

Following this doc, after setting the deploy poll on my linux instance(where universal forwarder is installed), I can see the IP of my instance under available host (Setting-> Add data-> forward) in my splunk cloud. I select this host and for configuring source in my splunk cloud, I select the file or directory say as /var/log/auth.log.

I can't see anything in my search even if I do * and select time as all time.

Tags (1)
0 Karma
Reply

deepashri_123
Motivator
‎03-18-2019 02:34 AM

Hi tarunchawla28,

Have you enabled the receiver? Refer this link:
https://docs.splunk.com/Documentation/Splunk/7.2.4/AddMSWinCloud/EnableReceiver

Also in your search tab can u check index=* and run the query

Let me know if this helps!!

0 Karma
Reply

tarunchawla28
Engager
‎04-07-2019 10:44 PM

Did the whole thing again. After some time, I got the data from my linux instance. Can't say why it took time.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...