Getting Data In

What are the inputs available on SplunkCloud

mataharry
Communicator

I had a SplunkStorm project, and I was sending data directly with 5 different inputs.

  • Upload small file on the web UI
  • Splunk Universal forwarder over SSL
  • TCP port
  • UDP port
  • API inputs with special api key

What are the options for SplunkCloud ?

Tags (2)
1 Solution

yannK
Splunk Employee
Splunk Employee

You have less options on the Splunk Cloud search-head to send data :
So you have to switch to forwarders to retrieve the data then forward to the splunk cloud indexers.

The main reason is that you are sending your data over internet, so YOU WANT ENCRYPTION.

Recommended method : Use a forwarder

  • Setup a forwarder on your server (Universal, or lightweight, or heavyweight or indexer), to collect the events.
  • Configure the forwarder to send the data to the splunk cloud deployment, using the forwarder credential app provided. The forwarder package is in the welcome email, or downloadable on the search app in the "Universal Forwarder" app page. http://docs.splunk.com/Documentation/SplunkCloud/latest/User/GetstartedwithSplunkCloud

The inputs that you can setup on the forwarder can be anything :

Remarks :

  • The advantage is that the forwarder is in your network, so you have full control, and can use a deployment-server to manage them.
  • If you want to parse and filter your events, you can use a heavy forwarder.
  • if you have components apps to parse the events at indextime , make sure to request the proper apps to be deployed on the cloud indexers.

As an alternative the only inputs on the cloud search-head are
- upload a file (up to 100Mb)
- apps doing remote queries (dbconnect), it requires ports to be open (reach support)
- API inputs if the api port has been open (reach support)

View solution in original post

yannK
Splunk Employee
Splunk Employee

You have less options on the Splunk Cloud search-head to send data :
So you have to switch to forwarders to retrieve the data then forward to the splunk cloud indexers.

The main reason is that you are sending your data over internet, so YOU WANT ENCRYPTION.

Recommended method : Use a forwarder

  • Setup a forwarder on your server (Universal, or lightweight, or heavyweight or indexer), to collect the events.
  • Configure the forwarder to send the data to the splunk cloud deployment, using the forwarder credential app provided. The forwarder package is in the welcome email, or downloadable on the search app in the "Universal Forwarder" app page. http://docs.splunk.com/Documentation/SplunkCloud/latest/User/GetstartedwithSplunkCloud

The inputs that you can setup on the forwarder can be anything :

Remarks :

  • The advantage is that the forwarder is in your network, so you have full control, and can use a deployment-server to manage them.
  • If you want to parse and filter your events, you can use a heavy forwarder.
  • if you have components apps to parse the events at indextime , make sure to request the proper apps to be deployed on the cloud indexers.

As an alternative the only inputs on the cloud search-head are
- upload a file (up to 100Mb)
- apps doing remote queries (dbconnect), it requires ports to be open (reach support)
- API inputs if the api port has been open (reach support)

View solution in original post

Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!