Getting Data In

Instructions for installing windows forwarder for Splunk Cloud?

Cuyose
Builder

the documentation does not have windows instructions for configuring the forwarder on a windows machine to communicate with your instance in splunk cloud. It merely says download and run the app, which I assume means put the credentials install file on the target windows machine you want to monitor and run it from the installed forwarders etc/bin directory" Well I did this and nothing happened.

Has someone come up with a step by step guide for doing this yet?

0 Karma

Cuyose
Builder

We had to change permissions on the installed forwarder directory and all subdirectory and files then edit the command in the instructions so it would work in windows. after that we needed to take the resulting config and auth files and put them into the etc/system/local directory for it to work. None of that was in the instructions however.

andrewb_splunk
Splunk Employee
Splunk Employee

Thank you for pointing out the shortcomings in the documentation and adding your solution here. We will get to work on clarifying these things in the docs!

0 Karma

malmoore
Splunk Employee
Splunk Employee

Were you getting a file permission error when attempting to run the commands on the forwarder? We will be updating the instructions to include steps for Windows hosts, but I am curious as to what made you have to "change permissions on the installed forwarder directory." You should not have to do that normally. Thanks.

0 Karma

andrewb_splunk
Splunk Employee
Splunk Employee

If you are using Splunk Cloud self-service look for the Universal Forwarder app that is installed in your Splunk Cloud deployment. It should contain additional instructions for getting your forwarder to communicate with Splunk Cloud.

0 Karma

Cuyose
Builder

It does not provide any additional instructions for configuring a windows agent . If you could please send me those instructions I would appreciate it.

0 Karma

andrewb_splunk
Splunk Employee
Splunk Employee

Hi Cuyose, the Splunk Cloud documentation (http://docs.splunk.com/Documentation/SplunkCloud/SplunkCloud/User/AddDataUnivFrwrder) provides links to instructions for installing a Universal Forwarder on both Windows and non-Windows systems. If you have looked at the docs already and find that they don't have the information you need, do let us know. Thanks!

0 Karma

Cuyose
Builder

I have installed the forwarder but there are no instructions for getting it to communicate to the Cloud Indexer.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...