How to connect a heavy forwarder to Splunk Cloud?

Dayane_tr · ‎06-22-2022

Hello,

I have a linux machine where Splunk Enterprise is installed and I would like to use Heavy forwarder to send the files to the cloud.

How do I install the "app"(splunkclouduf.spl) from the cloud instance in Splunk Enterprise?

I don't have access to the Splunk Enterprise web interface, only access to the linux machine.

Regards

PickleRick · ‎06-25-2022

I never remember the proper syntax, but it's either

/opt/splunk/bin/splunk app install app_package.spl

or

/opt/splunk/bin/splunk install app app_package.spl

Roy_9 · ‎06-25-2022

@Dayane_tr After the untar is done as rich suggested, you should open a FW connection from HF to Splunk Cloud(basically will be as inputs*.abc.splunkcloud.com) something like that on port 9997.

richgalloway · ‎06-22-2022

Install the app like you would install any other app on the command line. Untar the file to $SPLUNK_HOME/etc/apps then restart the HF.

tar -zxf splunkclouduf.spl -C /opt/splunk/etc/apps

---
If this reply helps you, Karma would be appreciated.

How to connect a heavy forwarder to Splunk Cloud?

configuration

using Splunk Cloud

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!