Getting Data In

How to configure a heavy forwarder with Splunk Cloud

marceloamorim
New Member

Guys,

I need to configure a heavy forwarder to work with Splunk cloud.
There are no documents about it on the Splunk base.
This tip does not work: https://answers.splunk.com/answers/478035/how-to-set-up-a-heavy-forwarder-to-forward-data-to.html

Could you help me?

Marcelo Amorim

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Have you looked at Splunk Docs (docs.splunk.com)?
There is a document about deploying heavy forwarders at https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/Forwarding/Deployaheavyforwarder
Installing a heavy forwarder for Splunk Cloud is nearly the same as for Splunk Enterprise. The only difference is you must download the universalforwarder app (don't let the name distract you) from your Cloud instance and install it on your HF.

---
If this reply helps you, Karma would be appreciated.
0 Karma

marceloamorim
New Member

Thanks Richgalloway! Just to make sure, I need to install both HF and UF?
Its necessary to do some configuration on the HF?

Marcelo.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

You do not need a UF, just a HF. The HF gets the same outputs.conf settings as a UF would, however, so it uses the app you download from your Splunk Cloud instance. IIRC, it's available from Apps->Universal Forwarder.

---
If this reply helps you, Karma would be appreciated.
0 Karma

marceloamorim
New Member

I understood that to send data to Splunk Cloud, I need to download and install the universal forwarder credentials. If I just configure HF to point to cloud without credential, will not work. Make sense?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, makes sense.

---
If this reply helps you, Karma would be appreciated.
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, we can help you, but we need more information. Explain what "does not work" means. What are the exact steps you took? What error messages do you get?

---
If this reply helps you, Karma would be appreciated.
0 Karma

marceloamorim
New Member

Hi Richgalloway!

I didnt took any steps. I am getting information about it
I need to install heavy forwarder because I am going to install Splunk Add-on for Microsoft SQL Server.
I am using Splunk Version 7.0.13 - Splunk Build b6e41c05f519

When I took a look on the documentation to deploy heavy forwarders and this document say to configure the following parameters to send data to Splunk Enterprise:
splunk add forward-server : -auth :
However, I am using Splunk Cloud.

When I took a look on the Splunk Cloud documentation, I found only information to configure universal forwarders, through credentials to comunicate with Splunk Cloud instance.

thanks,

Marcelo Amorim

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...