Splunk Cloud Platform

How to forward syslog from AWS instances to Splunk Cloud?

neerajs_81
Builder

Hi- 
We have a *nix server (EC2 instance) in AWS. How can we forward one of the application log files from this EC2 instance to our Splunk Cloud instance?
I am a bit confused about the approach of using the Universal Forwarder. As per https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/Admin/Configureinputs, the UF needs to point (via outputs.conf) to the indexer tier. But the indexer tier is all managed by Splunk themselves and we don't have any visibility. Whose hostname or IP am I supposed to put in outputs.conf then? Please note my requirement is not about ingesting CloudWatch or CloudTrail logs; for that we are all set.

All we have access to is the Splunk Cloud search head (which is also our IDM instance) and a couple of heavy forwarders on premises.
As per Forwarding to Splunk cloud from AWS and on prem - Splunk Community, we can send UF logs directly to Splunk Cloud, which brings me back to my original question about what exactly I need to put in the UF conf file to route it to Splunk Cloud. Do I need to give the search head URL?

1 Solution

m_pham
Splunk Employee

Your Splunk Cloud (SC) stack has the UF package that you can download and install on any HF or UF to start sending data to SC. You'll need to get onto your SC search head (SH) and download the package: https://docs.splunk.com/Documentation/Forwarder/9.0.0/Forwarder/ConfigSCUFCredentials#Install_the_fo...

neerajs_81
Builder

Thank you.  What about the firewall ports that need to be opened to make this work? Is it just allowing port 443  from AWS network to Splunk Cloud?  I couldn't find this info in the documentation. 

m_pham
Splunk Employee

Splunk Cloud uses the standard port 9997 for data ingest.
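The two answers above amount to a short procedure: download the Universal Forwarder credentials app from the Splunk Cloud search head, install it on the UF (that app carries the outputs.conf with the ingest hostnames and the TLS certificate, so you never write the indexer addresses yourself), add a monitor input for the application log, and allow outbound TCP 9997 from the instance to the hosts named in that outputs.conf. The script below is an added example written for this page, not code from the thread or from Splunk. It assumes the credentials app has already been installed; the stack name "example-stack", the app directory name and the log path are placeholders, and the outputs.conf text is a constructed sample in the shape such an app ships. It parses that file to produce the exact host/port pairs for a least-privilege security-group egress rule (only 9997 to the ingest hosts, not 443 to the search head and not 0.0.0.0/0) and emits the inputs.conf stanza for the log file.

```shell
#!/usr/bin/env bash
# Added example, not code from the Splunk Community thread or from Splunk.
# Assumes the UF credentials app downloaded from the Splunk Cloud search
# head is already installed on the EC2 instance
# ("splunk install app splunkclouduf.spl", then "splunk restart").
# "example-stack" and the app directory name below are placeholders.
set -eu

# Constructed sample of the outputs.conf such a credentials app ships.
# A real package carries your own stack's hostnames and certificate paths.
SAMPLE_OUTPUTS='[tcpout]
defaultGroup = splunkcloud

[tcpout:splunkcloud]
server = inputs1.example-stack.splunkcloud.com:9997, inputs2.example-stack.splunkcloud.com:9997
compressed = false
useSSL = true
sslCertPath = $SPLUNK_HOME/etc/apps/100_example-stack_splunkcloud/default/example-stack_server.pem
sslVerifyServerCert = true
'

# egress_targets OUTPUTS_CONF_TEXT
# Print "host port", one per line, for every server= entry found in a
# [tcpout:*] stanza. These are the only destinations the forwarder needs
# outbound, so they define the security-group egress rule; the search head
# is not a data destination and does not need to be reachable on 443.
egress_targets() {
  printf '%s\n' "$1" | awk -F'=' '
    /^\[tcpout:/ { in_group = 1; next }
    /^\[/        { in_group = 0 }
    in_group && $1 ~ /^server[ \t]*$/ {
      n = split($2, hosts, ",")
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", hosts[i])
        split(hosts[i], hp, ":")
        print hp[1], hp[2]
      }
    }' | sort -u
}

# monitor_stanza PATH SOURCETYPE INDEX
# Emit the inputs.conf stanza that makes the UF tail one application log.
# Write it to $SPLUNK_HOME/etc/system/local/inputs.conf (or into an app of
# your own) and restart the forwarder; no search head URL is involved.
monitor_stanza() {
  printf '[monitor://%s]\nsourcetype = %s\nindex = %s\ndisabled = 0\n' "$1" "$2" "$3"
}

# Demonstration on the constructed sample.
echo "Outbound TCP destinations the instance must be allowed to reach:"
egress_targets "$SAMPLE_OUTPUTS"
echo
echo "inputs.conf stanza for the application log (path is a placeholder):"
monitor_stanza /var/log/myapp/app.log myapp:log main
```

One caveat for the firewall step: AWS security groups take CIDRs, not hostnames, and the ingest hostnames in the credentials app resolve to addresses Splunk controls, so either resolve them at deployment time and revisit the rule when they change, or enforce the allow-list at a proxy or firewall that can filter by FQDN. Whichever you choose, verify the forwarder actually connected with useSSL enabled by checking splunkd.log on the instance for the connection to the 9997 endpoint rather than assuming the port is open.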
