I am new to Splunk and I am trying to test Splunk Cloud with my AWS instance. I have a forwarder built in AWS.
It does not show up in the forwarders of my cloud instance
It installs fine according to the instructions provided. I have installed using the .spl file and a local admin account. I restarted Splunk using the CLI. no errors were encountered - here is the output
PS C:\Program
Files\SplunkUniversalForwarder\bin>
.\splunk.exe restart SplunkForwarder:
Stopped
Splunk> Like an F-18, bro.
Checking prerequisites...
Checking mgmt port [8089]: open
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from 'C:\Program
Files\SplunkUniversalForwarder\splunkforwarder-6.5.1-
f74036626f0c-windows-64-manifest'
All installed files intact.
Done All preliminary checks passed.
Starting splunk server daemon
(splunkd)...
SplunkForwarder: Starting (pid 2200)
Done
The forwarder has internet access, and Windows firewall has been disabled.
I have added a syslog listener to the forwarder using Splunk add udp 514 -sourcetype syslog
I have confirmed that data is getting to the forwarder using wireshark but I don't see data being forwarded out
how can I determine what the issue is?
thanks
... View more