@rahusri2

1. Configure the `inputs.conf` file on your forwarders to monitor the `/var/log` directory and create an index on the indexers.
2. Download the `outputs.conf` file (Splunk Cloud Platform universal forwarder credentials package) from Splunk Cloud.
   - If there is no intermediate forwarder, you can directly apply the file to your universal forwarders.
   - If you are using an intermediate forwarder, download the file from Splunk Cloud and apply it to the heavy forwarder or intermediate forwarder.
3. If you have a deployment server, retrieve the `outputs.conf` (Splunk Cloud Platform universal forwarder credentials package) file from Splunk Cloud and push it to the forwarders using the deployment server. If you do not have a deployment server and prefer to implement the configuration directly, you can apply it manually to the forwarders.
4. Restart the Splunk instance to apply the changes.

**Note:**

1. Ensure that the firewall rules between your on-premises environment and Splunk Cloud are properly configured.
2. A Splunk Cloud Platform receiving port is configured and enabled by default.

I hope this helps. If any reply helps you, you could add your upvote/karma points to that reply. Thanks.
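
A pre-restart check for the steps in the reply above, as an added example that is not part of the original reply or of Splunk's own tooling. The helper names `conf_get` and `check_forwarder`, the index `linux_os`, the group name, the host and port 9997 are constructed placeholders for illustration.

```shell
#!/bin/sh
# Added example: lint a forwarder's inputs.conf / outputs.conf before the restart.

# conf_get FILE STANZA KEY: print KEY's value inside [STANZA] (empty if absent).
conf_get() {
    awk -v stanza="[$2]" -v key="$3" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }      # trim the line
        /^\[/ { in_s = ($0 == stanza); next }             # stanza header
        in_s && /^[^#=]+=/ {                              # key = value
            k = $0; sub(/[ \t]*=.*/, "", k)
            if (k == key) { sub(/^[^=]*=[ \t]*/, ""); print; exit }
        }' "$1"
}

# check_forwarder DIR INDEX: return 0 when DIR's conf files match the steps above.
check_forwarder() {
    dir=$1 want=$2 rc=0
    idx=$(conf_get "$dir/inputs.conf" "monitor:///var/log" index)
    dis=$(conf_get "$dir/inputs.conf" "monitor:///var/log" disabled)
    grp=$(conf_get "$dir/outputs.conf" tcpout defaultGroup)
    srv=$(conf_get "$dir/outputs.conf" "tcpout:$grp" server)
    # An unset or wrong index sends events somewhere other than the index you created.
    [ "$idx" = "$want" ] || { echo "inputs.conf: index is '$idx', expected '$want'"; rc=1; }
    case $dis in 1|true) echo "inputs.conf: /var/log monitor is disabled"; rc=1 ;; esac
    [ -n "$grp" ] || { echo "outputs.conf: [tcpout] has no defaultGroup"; rc=1; }
    [ -n "$srv" ] || { echo "outputs.conf: [tcpout:$grp] has no server"; rc=1; }
    return $rc
}

# Constructed sample files (placeholder index, group and host names).
demo=$(mktemp -d)
cat > "$demo/inputs.conf" <<'EOF'
[monitor:///var/log]
index = linux_os
disabled = false
EOF
cat > "$demo/outputs.conf" <<'EOF'
[tcpout]
defaultGroup = splunkcloud_example
[tcpout:splunkcloud_example]
server = inputs.example.invalid:9997
EOF
check_forwarder "$demo" linux_os && echo "forwarder config looks consistent"
```

On a real forwarder the merged configuration is what takes effect; `splunk btool inputs list` and `splunk btool outputs list` print it in the same stanza format, so their output can be saved to files and checked the same way.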