Splunk Cloud Platform

Splunk Heavy Forwarder to Splunk Cloud?

JohnACERTUS
Explorer

Am I going crazy or is there legit no documentation on setting up a HF to point and send data to our cloud instance?

All the documentation I am finding is centered around a 100% on-prem setup.

Anyone have any luck with this?


JohnACERTUS
Explorer

I've done this 

"If you want to set up a heavy forwarder to send data in Splunk Cloud, request a deployment server license from Splunk support to allow them to carry out functions above and beyond what is covered by the forwarder license. See Data collection in the Splunk Cloud Service Description."

On the data collection link, can you point me to where it specifies?

0 Karma

richgalloway
SplunkTrust

Follow the instructions in the second link provided.

---
If this reply helps you, Karma would be appreciated.
0 Karma

JohnACERTUS
Explorer

Maybe I'm still missing something, but I've read over that documentation and noticed that it still doesn't specify how to forward logs from HF to Splunk Cloud. One notable thing is it doesn't say what URL:PORT to use...

0 Karma

richgalloway
SplunkTrust

It's documented.  See https://docs.splunk.com/Documentation/SplunkCloud/8.1.2101/Data/UsingforwardingagentsCloud or https://docs.splunk.com/Documentation/Forwarder/latest/Forwarder/HowtoforwarddatatoSplunkCloud

You also can go to the "Universal Forwarder" app in your Splunk Cloud instance for instructions.

---
If this reply helps you, Karma would be appreciated.
0 Karma

JohnACERTUS
Explorer
0 Karma

richgalloway
SplunkTrust

Splunk is a very Linux-centric company so Windows-oriented instructions are not as common as they could be. Most of the time, all a Windows admin needs to do is change file path delimiters, but every now and then a Linux command has to be replaced with a Windows equivalent.  

In this case, I use 7-zip in place of tar.  Also, Ubuntu on Windows has tar available.

---
If this reply helps you, Karma would be appreciated.
0 Karma