Re: How to connect a heavy forwarder to Splunk Clo...

Dayane_tr · ‎06-22-2022

Hello,

I have a linux machine where Splunk Enterprise is installed and I would like to use Heavy forwarder to send the files to the cloud.

How do I install the "app"(splunkclouduf.spl) from the cloud instance in Splunk Enterprise?

I don't have access to the Splunk Enterprise web interface, only access to the linux machine.

Regards

PickleRick · ‎06-25-2022

I never remember the proper syntax, but it's either

/opt/splunk/bin/splunk app install app_package.spl

or

/opt/splunk/bin/splunk install app app_package.spl

Roy_9 · ‎06-25-2022

@Dayane_tr After the untar is done as rich suggested, you should open a FW connection from HF to Splunk Cloud(basically will be as inputs*.abc.splunkcloud.com) something like that on port 9997.

richgalloway · ‎06-22-2022

Install the app like you would install any other app on the command line. Untar the file to $SPLUNK_HOME/etc/apps then restart the HF.

tar -zxf splunkclouduf.spl -C /opt/splunk/etc/apps

---
If this reply helps you, Karma would be appreciated.

How to connect a heavy forwarder to Splunk Cloud?

configuration

using Splunk Cloud

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

Join the Conversation