
How to get data from external machine to Splunk Enterprise?

shribhagya
New Member

Hi,
One of my clients has installed Splunk on an AWS Linux instance (external test instance). He wants the log file to be monitored through the Splunk Enterprise hosted in our domain. I've made the changes in the /splunk/splunkforwarder/inputs.conf file with the source path, host and source type. But my question is: how will the data from that external machine (which is not in our domain) get monitored and indexed in our Splunk Enterprise environment? How will I achieve it, and what additional changes do I have to make?

Thanks and Regards,
Shribhagya

0 Karma

pgerke_cc
Explorer

You have to edit the outputs.conf on your AWS machine to tell the forwarder where to send the data.

And enter something like this:

[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = 192.168.10.132:9997

[tcpout-server://192.168.10.132:9997]

And you need to enable your Splunk instance to listen on a given port.

richgalloway
SplunkTrust

You also need to ensure an AWS security group is defined to allow sending of data from the UF to your Splunk indexer(s).
Then make sure your firewall allows connections from the AWS server.

---
If this reply helps you, Karma would be appreciated.
0 Karma
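As an added example that is not part of the original thread: a small offline check of a forwarder's outputs.conf that ties the two replies above together. It resolves the default tcpout group to its server list and flags targets that an external forwarder cannot reach directly, such as the private 192.168.10.132 address in the sample. The helper name `check_outputs` and the `forwarder_is_external` parameter are hypothetical.

```python
import configparser
import ipaddress

# Constructed sample: the outputs.conf stanzas posted in the reply above.
SAMPLE = """\
[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = 192.168.10.132:9997

[tcpout-server://192.168.10.132:9997]
"""

def check_outputs(conf_text, forwarder_is_external=True):
    """Return a list of findings for a forwarder's outputs.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str          # keep Splunk's case-sensitive key names
    cp.read_string(conf_text)
    if not cp.has_section("tcpout"):
        return ["no [tcpout] stanza: forwarder has nowhere to send data"]
    findings = []
    raw = cp.get("tcpout", "defaultGroup", fallback="")
    groups = [g.strip() for g in raw.split(",") if g.strip()]
    if not groups:
        findings.append("[tcpout] has no defaultGroup")
    for group in groups:
        stanza = "tcpout:" + group
        servers = cp.get(stanza, "server", fallback="") if cp.has_section(stanza) else ""
        if not servers.strip():
            findings.append(f"group {group!r} has no server list")
            continue
        for target in (s.strip() for s in servers.split(",") if s.strip()):
            host, _, port = target.rpartition(":")
            if not host or not port.isdigit() or not 0 < int(port) < 65536:
                findings.append(f"{target!r} is not host:port")
                continue
            try:
                addr = ipaddress.ip_address(host.strip("[]"))
            except ValueError:
                continue          # hostname: name resolution is not checked offline
            if forwarder_is_external and addr.is_private:
                findings.append(f"{target} is a private address; an external "
                                "forwarder needs a VPN/peering route or a public/NAT address")
    return findings
```

Run it against the forwarder's real outputs.conf text before opening the security group and firewall rules, so the rule you open matches an address the AWS instance can actually route to.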

shribhagya
New Member

He has installed Splunk Universal Forwarder on that AWS machine and he wants the log file of that machine to be monitored under our Splunk Enterprise.

0 Karma

richgalloway
SplunkTrust

Please clarify. Has your client installed Splunk Enterprise on AWS or Splunk Universal Forwarder? What log files are you supposed to monitor?

---
If this reply helps you, Karma would be appreciated.
0 Karma