Getting Data In

Instructions for installing Windows forwarder for Splunk Cloud?

Cuyose
Builder

The documentation does not have Windows instructions for configuring the forwarder on a Windows machine to communicate with your instance in Splunk Cloud. It merely says download and run the app, which I assume means put the credentials install file on the target Windows machine you want to monitor and run it from the installed forwarder's etc/bin directory. Well, I did this and nothing happened.

Has someone come up with a step by step guide for doing this yet?

0 Karma

Cuyose
Builder

We had to change permissions on the installed forwarder directory and all subdirectories and files, then edit the command in the instructions so it would work in Windows. After that we needed to take the resulting config and auth files and put them into the etc/system/local directory for it to work. None of that was in the instructions, however.

andrewb_splunk
Splunk Employee

Thank you for pointing out the shortcomings in the documentation and adding your solution here. We will get to work on clarifying these things in the docs!

0 Karma

malmoore
Splunk Employee

Were you getting a file permission error when attempting to run the commands on the forwarder? We will be updating the instructions to include steps for Windows hosts, but I am curious as to what made you have to "change permissions on the installed forwarder directory." You should not have to do that normally. Thanks.

0 Karma

andrewb_splunk
Splunk Employee

If you are using Splunk Cloud self-service, look for the Universal Forwarder app that is installed in your Splunk Cloud deployment. It should contain additional instructions for getting your forwarder to communicate with Splunk Cloud.

0 Karma

Cuyose
Builder

It does not provide any additional instructions for configuring a Windows agent. If you could please send me those instructions I would appreciate it.

0 Karma

andrewb_splunk
Splunk Employee

Hi Cuyose, the Splunk Cloud documentation (http://docs.splunk.com/Documentation/SplunkCloud/SplunkCloud/User/AddDataUnivFrwrder) provides links to instructions for installing a Universal Forwarder on both Windows and non-Windows systems. If you have looked at the docs already and find that they don't have the information you need, do let us know. Thanks!

0 Karma

Cuyose
Builder

I have installed the forwarder but there are no instructions for getting it to communicate to the Cloud Indexer.

0 Karma