Splunk Cloud Platform

How to forward syslog from AWS instances to Splunk Cloud?

neerajs_81
Builder

Hi,
We have a *nix server (EC2 instance) in AWS. How can we forward one of the application log files from this EC2 instance to our Splunk Cloud instance?
I am a bit confused about the approach of using the Universal Forwarder. As per https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/Admin/Configureinputs, the UF needs to point (via outputs.conf) to the indexer tier. But the indexer tier is all managed by Splunk themselves and we don't have any visibility. Whose hostname or IP am I supposed to put in outputs.conf then? Please note my requirement is not about ingesting CloudWatch or CloudTrail logs; for that we are all set.

All we have access to is Splunk Cloud Search head ( which is also our IDM Instance) and a couple of Heavy forwarders on premise. 
As per "Forwarding to Splunk cloud from AWS and on prem - Splunk Community" we can send UF logs directly to Splunk Cloud, which brings me back to my original question about what exactly I need to put in the UF conf file to route it to Splunk Cloud. Do I need to give the search head URL?

1 Solution

m_pham
Splunk Employee

Your Splunk Cloud (SC) stack has the UF package that you can download and install on any HF or UF to start sending data to SC. You'll need to get onto your SC search head (SH) and download the package: https://docs.splunk.com/Documentation/Forwarder/9.0.0/Forwarder/ConfigSCUFCredentials#Install_the_fo...

 

neerajs_81
Builder

Thank you. What about the firewall ports that need to be opened to make this work? Is it just allowing port 443 from AWS network to Splunk Cloud? I couldn't find this info in the documentation.

m_pham
Splunk Employee

Splunk Cloud uses the standard port 9997 for data ingest.
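Added example, not part of the thread and not Splunk's own code: a small parser that lists the host:port pairs a forwarder's outputs.conf points at, so the egress rule from the EC2 subnet can be scoped to exactly those destinations instead of a broad allow. The `[tcpout:<group>]` stanzas with `server` and `defaultGroup` are standard outputs.conf settings; the group names and host names in the sample are constructed placeholders.

```python
import configparser

# Constructed sample; group names and hosts are placeholders, not a real stack.
SAMPLE_OUTPUTS_CONF = """\
[tcpout]
defaultGroup = splunkcloud_example

[tcpout:splunkcloud_example]
server = inputs1.example-stack.splunkcloud.com:9997, inputs2.example-stack.splunkcloud.com:9997

# a leftover group that defaultGroup does not select
[tcpout:old_onprem]
server = 10.0.0.5:9997
"""

def egress_endpoints(conf_text):
    """Return sorted (group, host, port, active) tuples from [tcpout:<group>] stanzas."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep key case as written (defaultGroup)
    cp.read_string(conf_text)
    active = set()
    if cp.has_option("tcpout", "defaultGroup"):
        raw = cp.get("tcpout", "defaultGroup")
        active = {g.strip() for g in raw.split(",") if g.strip()}
    found = []
    for section in cp.sections():
        if not section.startswith("tcpout:") or not cp.has_option(section, "server"):
            continue
        group = section.split(":", 1)[1]
        for entry in cp.get(section, "server").split(","):
            entry = entry.strip()
            if not entry:
                continue
            host, _, port = entry.rpartition(":")
            if not host or not port.isdigit():
                raise ValueError(f"malformed server entry {entry!r} in [{section}]")
            found.append((group, host.strip("[]"), int(port), group in active))
    return sorted(found)

if __name__ == "__main__":
    for group, host, port, is_active in egress_endpoints(SAMPLE_OUTPUTS_CONF):
        state = "active" if is_active else "not in defaultGroup"
        print(f"allow tcp egress -> {host}:{port}  ({group}, {state})")
```

Entries flagged as not in `defaultGroup` are worth reviewing before opening the firewall for them, since the forwarder does not send to those groups by default.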
