Security

Missing files on Splunk Cloud trial?

asmyth1995
Explorer

Hi, I have been working on configuring a universal forwarder on a free Splunk Cloud trial. I have been using the the link below to setup the forwarder:
https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Configuretheuniversalforwarder?ref=h...

There are three files that are missing from the folder specified under Find the configuration files which are:

  • inputs.conf 
  • outputs.conf
  • deploymentclient.conf 

Is that meant to happen in a free Splunk Cloud trial?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

If you only have a single Universal Forwarder (UF) then you don't need deploymentclient.conf.  Worry about that when you have multiple UFs to manage.

The outputs.conf file is provided by Splunk.  Go to the "Universal Forwarder" app on your Splunk Cloud trial instance.  Download the configuration file provided by the app and install it on the UF.  Instructions are in the app.

The UF does come with inputs.conf, but it's not where the docs say it is.  You can find the file in $SPLUNK_HOME/etc/system/default.  DO NOT MODIFY ANY FILES IN THIS DIRECTORY.  Instead, copy the stanza name and the settings you wish to change to $SPLUNK_HOME/etc/system/local and make your changes there.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...