Splunk® Universal Forwarder

Forwarder Manual

This documentation does not apply to the most recent version of Splunk® Universal Forwarder. For documentation on the most recent version, go to the latest release.

Install and configure the Splunk Cloud Platform universal forwarder credentials package

To enable your forwarders to send data to Splunk Cloud Platform, download the universal forwarder credentials file. This file contains a custom certificate for your Splunk Cloud Platform deployment.

Download the forwarder credentials

  1. From your Splunk Cloud Platform instance, go to Apps > Universal Forwarder.
  2. Click Download Universal Forwarder Credentials.
  3. Note the location where the credentials file was downloaded. The credentials file is named splunkclouduf.spl.
  4. Copy the file to your /tmp folder.

Install the file onto your forwarders using one of the two installation options described in this topic. Apply these credentials to forwarders of any type that you need to connect to your Splunk Cloud Platform instance.

Install the forwarder credentials on individual forwarders

  1. Install the following app by entering the following command: /opt/splunkforwarder/bin/splunk install app /tmp/splunkclouduf.spl.
  2. When you are prompted for a user name and password, enter the user name and password for the Universal Forwarder. The following message displays if the installation is successful: App '/tmp/splunkclouduf.spl' installed.
  3. Restart the forwarder to enable the changes by entering the following command. ./splunk restart.

Install the forwarder credentials on a deployment server

  1. Use file management tools to move the splunkclouduf.spl file to the $SPLUNK_HOME/etc/deployment-apps/ directory on the deployment server.
  2. Open a shell or command prompt.
  3. Unpack the credentials package by running the following command:
    tar xvf splunkclouduf.spl
  4. Navigate to the /bin subdirectory of the deployment server.
  5. Install the credentials package by running the following command:
    splunk install app <full path to splunkclouduf.spl> -auth <username>:<password>
    where <full path to splunkclouduf.spl> is the path to the directory where the splunkclouduf.spl file is located and <username>:<password> are the username and password of an existing admin account on the universal forwarder.
  6. Restart the deployment server by running the following command:
    /splunk restart
Last modified on 25 March, 2022
How to forward data to Splunk Cloud Platform   Enable a receiver

This documentation applies to the following versions of Splunk® Universal Forwarder: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3,, 8.2.4, 8.2.5

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters