Splunk Cloud Platform

How to forward syslog from AWS instances to Splunk Cloud?

neerajs_81
Builder

Hi,
We have a *nix server (EC2 instance) in AWS. How can we forward one of the application log files from this EC2 instance to our Splunk Cloud instance?
I am a bit confused about the approach of using the Universal Forwarder. As per https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/Admin/Configureinputs, the UF needs to point (via outputs.conf) to the indexer tier. But the indexer tier is all managed by Splunk themselves and we don't have any visibility. Which hostname or IP am I supposed to put in outputs.conf then? Please note my requirement is not about ingesting CloudWatch or CloudTrail logs; for that we are all set.

All we have access to is the Splunk Cloud search head (which is also our IDM instance) and a couple of heavy forwarders on premise.
As per Forwarding to Splunk cloud from AWS and on prem - Splunk Community, we can send UF logs directly to Splunk Cloud, which brings me back to my original question about what exactly I need to put in the UF conf file to route it to Splunk Cloud. Do I need to give the search head URL?


m_pham
Splunk Employee

Your Splunk Cloud (SC) stack has the UF package that you can download and install on any HF or UF to start sending data to SC. You'll need to get onto your SC search head (SH) and download the package: https://docs.splunk.com/Documentation/Forwarder/9.0.0/Forwarder/ConfigSCUFCredentials#Install_the_fo...

neerajs_81
Builder

Thank you. What about the firewall ports that need to be opened to make this work? Is it just a matter of allowing port 443 from the AWS network to Splunk Cloud? I couldn't find this info in the documentation.


m_pham
Splunk Employee

Splunk Cloud uses the standard port 9997 for data ingest.
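As an added example for this thread (not Splunk's tooling and not code anyone in the thread posted), covering both the accepted answer and the port question: a small POSIX shell helper for a UF on the EC2 instance. It writes the monitor input for the application log, confirms that the credentials app downloaded from the Splunk Cloud search head has put an outputs.conf with a tcpout server in place (so no indexer address has to be hand-written), and lists the host:port pairs from that outputs.conf that the egress rule must allow on TCP 9997. The app name app_log_inputs, the index app_logs, the default SPLUNK_HOME of /opt/splunkforwarder, the log path and the sample hostnames are assumptions.

```shell
#!/bin/sh
# Added example for this thread, not Splunk's tooling or anyone's posted code.
# Assumptions (hypothetical): the UF lives under /opt/splunkforwarder, the app
# name app_log_inputs and the index app_logs are ours to choose, and the
# credentials app downloaded from the Splunk Cloud search head has already
# been unpacked into $SPLUNK_HOME/etc/apps (it ships the outputs.conf).

# write_monitor_input SPLUNK_HOME LOGPATH SOURCETYPE INDEX
# Writes a [monitor://...] stanza so the UF tails the application log; prints
# the path of the inputs.conf it created.
write_monitor_input() {
    home="$1"; logpath="$2"; sourcetype="$3"; index="$4"
    dir="$home/etc/apps/app_log_inputs/local"
    mkdir -p "$dir" || return 1
    cat > "$dir/inputs.conf" <<EOF
[monitor://$logpath]
sourcetype = $sourcetype
index = $index
disabled = 0
EOF
    chmod 600 "$dir/inputs.conf"   # only the splunk service account needs it
    printf '%s\n' "$dir/inputs.conf"
}

# credentials_app_installed SPLUNK_HOME
# Succeeds if some app under etc/apps carries an outputs.conf with a
# "server =" key, i.e. the Splunk Cloud credentials app is in place and the UF
# does not need a hand-written indexer address (the asker's original worry).
credentials_app_installed() {
    home="$1"
    grep -ls '^server *=' "$home"/etc/apps/*/default/outputs.conf \
        "$home"/etc/apps/*/local/outputs.conf 2>/dev/null | grep -q .
}

# list_tcpout_servers OUTPUTS_CONF
# Prints one host:port per line from the "server =" key(s); this is the list
# to hand to whoever writes the egress rule (TCP 9997 from the EC2 subnet).
list_tcpout_servers() {
    sed -n 's/^server *= *//p' "$1" | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -v '^$'
}

# probe_tcp HOST PORT
# Cheap egress check from the instance: returns 0 if a TCP connect succeeds.
probe_tcp() {
    if command -v nc >/dev/null 2>&1; then
        nc -z -w 5 "$1" "$2"
    else
        timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
    fi
}

# Run with: SPLUNK_HOME=/opt/splunkforwarder sh forward_app_log.sh --apply
# then restart the UF and confirm with "$SPLUNK_HOME/bin/splunk list forward-server".
if [ "${1:-}" = "--apply" ]; then
    home="${SPLUNK_HOME:-/opt/splunkforwarder}"
    credentials_app_installed "$home" || { echo "credentials app not found under $home/etc/apps" >&2; exit 1; }
    write_monitor_input "$home" /var/log/myapp/app.log myapp:log app_logs
    for conf in "$home"/etc/apps/*/default/outputs.conf; do
        [ -f "$conf" ] || continue
        list_tcpout_servers "$conf" | while IFS=: read -r host port; do
            if probe_tcp "$host" "$port"; then echo "open    $host:$port"; else echo "BLOCKED $host:$port"; fi
        done
    done
fi
```

The egress rule only needs to allow the instance to reach the hosts that list_tcpout_servers prints on 9997; nothing inbound to the instance is required, and if probe_tcp reports BLOCKED for any of them the forwarder will queue and eventually drop events, which is the symptom to look for before opening a support case.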
