Install and configure the Splunk Cloud Platform universal forwarder credentials package
To enable your forwarders to send data to the Splunk Cloud Platform, download the universal forwarder credentials file.
You can:
- Install the forwarder credentials on individual forwarders.
- Install the forwarder credentials on many forwarders using a deployment server.
Install the forwarder credentials on individual forwarders in *nix
- From your Splunk Cloud Platform instance, go to Apps > Universal Forwarder.
- Click Download Universal Forwarder Credentials.
- Note the location where the credentials file
splunkclouduf.spl
has been downloaded. - Copy the file to a temporary directory, this is usually your "/tmp" folder.
- Install the
splunkclouduf.spl
app by entering the following in command line:$SPLUNK_HOME/bin/splunk install app /tmp/splunkclouduf.spl
. - When you are prompted for a user name and password, enter the user name and password for the Universal Forwarder. The following message displays if the installation is successful:
App '/tmp/splunkclouduf.spl' installed
. - Restart the forwarder to enable the changes by entering the following command:
./splunk restart
.
Install the forwarder credentials on many forwarders using a deployment server in *nix
- From your Splunk Cloud Platform instance, go to Apps > Universal Forwarder.
- Click Download Universal Forwarder Credentials.
- Note the location where the credentials file was downloaded. The credentials file is named
splunkclouduf.spl
. - Copy the file to your system's temporary (/tmp) folder.
- (optional) Use file management tools to move the
splunkclouduf.spl
file to the$SPLUNK_HOME/etc/deployment-apps/
directory on the deployment server. - In a shell or command prompt, unpack the credentials package by running the following command: .
tar xvf splunkclouduf.spl
- Navigate to the
/bin
subdirectory of the deployment server. - Install the credentials package by running the following command: where
splunk install app <full path to splunkclouduf.spl> -auth <username>:<password>
<full path to splunkclouduf.spl>
is the path to the directory where thesplunkclouduf.spl
file is located and<username>:<password>
are the username and password of an existing admin account on the deployment server. - Restart the deployment server by running the following command: .
/splunk restart
Install the forwarder credentials on individual forwarders in Windows
- From your Splunk Cloud Platform instance, go to Apps > Universal Forwarder.
- Click Download Universal Forwarder Credentials.
- Note the location where the credentials file was downloaded. The credentials file is named
%HOMEPATH%\Downloads
. - Copy the file to your system's temporary (\tmp) folder.
- Install the
splunkclouduf.spl
app by entering the following command:%SPLUNK_HOME%\bin\splunk.exe install app %HOMEPATH%\Downloads\splunkclouduf.spl
. - When you are prompted for a username and password, enter the username and password for the Universal Forwarder. The following message displays if the installation is successful:
App %HOMEPATH%\Downloads\splunkclouduf.spl installed
.- Restart the forwarder to enable the changes by entering the following command.
.\splunk.exe restart
.
- Restart the forwarder to enable the changes by entering the following command.
Install the forwarder credentials on many forwarders using a deployment server in Windows
- From your Splunk Cloud Platform instance, go to Apps > Universal Forwarder.
- Click Download Universal Forwarder Credentials.
- Note the location where the credentials file
splunkclouduf.spl
was downloaded. - Copy the file to your system's temporary (\tmp) folder.
- (optional) Use file management tools to move the
splunkclouduf.spl
file to the$SPLUNK_HOME\etc\deployment-apps\
directory on the deployment server. - In a shell or command prompt, unpack the credentials package by running the following command: .
tar xvf splunkclouduf.spl
- Navigate to the
\bin
subdirectory of the deployment server. - Install the credentials package by running the following command: where
splunk install app <full path to splunkclouduf.spl> -auth <username>:<password>
<full path to splunkclouduf.spl>
is the path to the directory where thesplunkclouduf.spl
file is located and<username>:<password>
are the username and password of an existing admin account on the deployment server. - Restart the deployment server by running the following command:
\splunk restart
.
Enable a receiver for Splunk Enterprise | Configure the universal forwarder using configuration files |
This documentation applies to the following versions of Splunk® Universal Forwarder: 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10
Feedback submitted, thanks!