Missing files on Splunk Cloud trial?

asmyth1995 · ‎05-16-2023

Hi, I have been working on configuring a universal forwarder on a free Splunk Cloud trial. I have been using the the link below to setup the forwarder:
https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Configuretheuniversalforwarder?ref=h...

There are three files that are missing from the folder specified under Find the configuration files which are:

inputs.conf
outputs.conf
deploymentclient.conf

Is that meant to happen in a free Splunk Cloud trial?

richgalloway · ‎05-16-2023

If you only have a single Universal Forwarder (UF) then you don't need deploymentclient.conf. Worry about that when you have multiple UFs to manage.

The outputs.conf file is provided by Splunk. Go to the "Universal Forwarder" app on your Splunk Cloud trial instance. Download the configuration file provided by the app and install it on the UF. Instructions are in the app.

The UF does come with inputs.conf, but it's not where the docs say it is. You can find the file in $SPLUNK_HOME/etc/system/default. DO NOT MODIFY ANY FILES IN THIS DIRECTORY. Instead, copy the stanza name and the settings you wish to change to $SPLUNK_HOME/etc/system/local and make your changes there.

---
If this reply helps you, Karma would be appreciated.

Missing files on Splunk Cloud trial?

other

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

Introduction to Splunk AI