I am new to Splunk and I am trying to test Splunk Cloud with my AWS instance. I have a forwarder built in AWS.
It does not show up in the forwarders of my cloud instance
It installs fine according to the instructions provided. I have installed using the .spl file and a local admin account. I restarted Splunk using the CLI. no errors were encountered - here is the output
.\splunk.exe restart SplunkForwarder:
Splunk> Like an F-18, bro.
Checking mgmt port : open
Checking conf files for problems...
Checking default conf files for edits...
Validating installed files against hashes from 'C:\Program
All installed files intact.
Done All preliminary checks passed.
Starting splunk server daemon
SplunkForwarder: Starting (pid 2200)
The forwarder has internet access, and Windows firewall has been disabled.
I have added a syslog listener to the forwarder using Splunk add udp 514 -sourcetype syslog
I have confirmed that data is getting to the forwarder using wireshark but I don't see data being forwarded out
how can I determine what the issue is?
Since you have the Cloud Forwarder app installed from your Splunk Cloud instance, your host should be sending data to Splunk Cloud.
First run the following search
index=_internal | stats count by host
Note the hosts sending data to your instance. You should be seeing your "AWS instance" listed there. Is it?
If so, in the forwarder list in the Management Console section, this can take time to populate.
thank you! - There is actual data from my forwarder
The directions led me to believe that I had to configure the forwarder which was not showing up ( and still isnt ) , Ididnt think to check for any data