Getting Data In

Why am I unable to forward logs from a FreeBSD machine to our managed Splunk Cloud instance?

Michael_Carlisl
Explorer

Hi All,

I'm trying to forward logs from a FreeBSD machine to our Splunk Cloud instance. I've downloaded the spl file that is located within the site, but when I try to install the app, it is still not connecting. I validated that the port is open, and I have not done anything with the conf files other than using the CLI commands to add monitoring. One thing I did notice is that our Windows machines have (ssl) beside their "Active forwards" where as my "Inactive forwards" do not have (ssl) beside them. I had assumed the certificate was part of the .spl install. Any ideas?

Best,
Michael

0 Karma
1 Solution

Michael_Carlisl
Explorer

So it turns out the spl file retrieved from the Splunk Cloud instance set Outputs.conf file in the splunkuniversalforwarder folder to a site it could not resolve. I updated that site to the ip equivalent and it started working. Not sure why this works in our non-unix environments.

View solution in original post

0 Karma

Michael_Carlisl
Explorer

So it turns out the spl file retrieved from the Splunk Cloud instance set Outputs.conf file in the splunkuniversalforwarder folder to a site it could not resolve. I updated that site to the ip equivalent and it started working. Not sure why this works in our non-unix environments.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...