Splunk® IT Essentials Work

Entity Integrations Manual

Configure a universal forwarder to send data to ITE Work in Splunk Cloud Platform

You have to install universal forwarder credentials on each universal forwarder that sends data to your Splunk Cloud Platform deployment. The universal forwarder credentials contains a custom certificate for your Splunk Cloud Platform deployment. The universal forwarder credentials are different from the credentials that you use to log into Splunk Cloud Platform.

To send data to Splunk Cloud Platform from a universal forwarder, deploy the universal forwarder and add the universal forwarder credentials to the universal forwarder.

Prerequisites

Requirement Description
Integration configured You ran the data collection script or manually deployed a universal forwarder on a system you want to send data to Splunk Cloud Platform from.
Root user You can run commands as the root user in the universal forwarder directory.
Universal forwarder user You created a user for the universal forwarder. If you used the data collection script to deploy a universal forwarder, a user wasn't created. To create a user, add user credentials to a user-seed.conf file. For more information, see user-seed.conf in the Splunk Enterprise Admin Manual. If you modify a conf file, be sure to restart splunkd so your changes take effect.

Steps

Follow these steps to configure a universal forwarder to send data to Splunk Cloud Platform.

  1. Log in to your Splunk Cloud Platform homepage.
  2. In the applications sidebar, click Universal Forwarder.
  3. Click Download Universal Forwarder Credentials to download the splunkclouduf.spl file.
  4. From a command-line interface, go to the $SPLUNK_HOME/bin directory for your universal forwarder.
  5. Run the following command:
    ./splunk install app <full_path_to_splunkclouduf.spl> -auth <username>:<password>
    where <username>:<password> are the login credentials for an existing account on the universal forwarder.
  6. Restart the universal forwarder:
    ./splunk restart
Last modified on 28 February, 2024
Use custom indexes in   Send data to Splunk Cloud Platform with data collection agents

This documentation applies to the following versions of Splunk® IT Essentials Work: 4.18.0, 4.18.1, 4.19.0, 4.19.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters