Under my free trial version of Splunk Cloud, I am trying to send data from linux instance to splunk cloud.
I created an EC2 and configured the Universal Forwarder over it by following this documentation
https://docs.splunk.com/Documentation/SplunkCloud/7.2.4/User/ForwardDataToSplunkCloudFromLinux
Following this doc, after setting the deploy poll on my linux instance(where universal forwarder is installed), I can see the IP of my instance under available host (Setting-> Add data-> forward) in my splunk cloud. I select this host and for configuring source in my splunk cloud, I select the file or directory say as /var/log/auth.log.
I can't see anything in my search even if I do * and select time as all time.
... View more