Re: Unable To Forward Data To Splunk Cloud From Li...

tarunchawla28 · ‎03-17-2019

Under my free trial version of Splunk Cloud, I am trying to send data from linux instance to splunk cloud.
I created an EC2 and configured the Universal Forwarder over it by following this documentation

https://docs.splunk.com/Documentation/SplunkCloud/7.2.4/User/ForwardDataToSplunkCloudFromLinux

Following this doc, after setting the deploy poll on my linux instance(where universal forwarder is installed), I can see the IP of my instance under available host (Setting-> Add data-> forward) in my splunk cloud. I select this host and for configuring source in my splunk cloud, I select the file or directory say as /var/log/auth.log.

I can't see anything in my search even if I do * and select time as all time.

deepashri_123 · ‎03-18-2019

Hi tarunchawla28,

Have you enabled the receiver? Refer this link:
https://docs.splunk.com/Documentation/Splunk/7.2.4/AddMSWinCloud/EnableReceiver

Also in your search tab can u check index=* and run the query

Let me know if this helps!!

tarunchawla28 · ‎04-07-2019

Did the whole thing again. After some time, I got the data from my linux instance. Can't say why it took time.

Unable To Forward Data To Splunk Cloud From Linux

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?