Hi All,
I'm trying to forward logs from a FreeBSD machine to our Splunk Cloud instance. I've downloaded the spl file that is located within the site, but when I try to install the app, it is still not connecting. I validated that the port is open, and I have not done anything with the conf files other than using the CLI commands to add monitoring. One thing I did notice is that our Windows machines have (ssl) beside their "Active forwards" where as my "Inactive forwards" do not have (ssl) beside them. I had assumed the certificate was part of the .spl install. Any ideas?
Best,
Michael
So it turns out the spl file retrieved from the Splunk Cloud instance set Outputs.conf file in the splunkuniversalforwarder folder to a site it could not resolve. I updated that site to the ip equivalent and it started working. Not sure why this works in our non-unix environments.
So it turns out the spl file retrieved from the Splunk Cloud instance set Outputs.conf file in the splunkuniversalforwarder folder to a site it could not resolve. I updated that site to the ip equivalent and it started working. Not sure why this works in our non-unix environments.