Splunk Cloud Platform

How to forward syslog from AWS instances to Splunk Cloud?

neerajs_81
Builder

Hi,
We have a *nix server (EC2 instance) in AWS. How can we forward one of the application log files from this EC2 instance to our Splunk Cloud instance?
I am a bit confused about the approach of using the Universal Forwarder. As per https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/Admin/Configureinputs, the UF needs to point (via outputs.conf) to the indexer tier. But the indexer tier is all managed by Splunk themselves and we don't have any visibility. Whose hostname or IP am I supposed to put in outputs.conf then? Please note my requirement is not about ingesting CloudWatch or CloudTrail logs; for that we are all set.

All we have access to is the Splunk Cloud search head (which is also our IDM instance) and a couple of heavy forwarders on premise.
As per "Forwarding to Splunk cloud from AWS and on prem - Splunk Community", we can send UF logs directly to Splunk Cloud, which brings me back to my original question: what exactly do I need to put in the UF conf file to route it to Splunk Cloud? Do I need to give the search head URL?

0 Karma
1 Solution

m_pham
Splunk Employee

Your Splunk Cloud (SC) stack has the UF package that you can download and install on any HF or UF to start sending data to SC. You'll need to get onto your SC search head (SH) and download the package: https://docs.splunk.com/Documentation/Forwarder/9.0.0/Forwarder/ConfigSCUFCredentials#Install_the_fo...

 


neerajs_81
Builder

Thank you. What about the firewall ports that need to be opened to make this work? Is it just allowing port 443 from the AWS network to Splunk Cloud? I couldn't find this info in the documentation.

0 Karma

m_pham
Splunk Employee

Splunk Cloud uses the standard port 9997 for data ingest.
