Configure a universal forwarder to send data to ITE Work in Splunk Cloud Platform
You have to install universal forwarder credentials on each universal forwarder that sends data to your Splunk Cloud Platform deployment. The universal forwarder credentials contains a custom certificate for your Splunk Cloud Platform deployment. The universal forwarder credentials are different from the credentials that you use to log into Splunk Cloud Platform.
To send data to Splunk Cloud Platform from a universal forwarder, deploy the universal forwarder and add the universal forwarder credentials to the universal forwarder.
Prerequisites
Requirement | Description |
---|---|
Integration configured | You ran the data collection script or manually deployed a universal forwarder on a system you want to send data to Splunk Cloud Platform from. |
Root user | You can run commands as the root user in the universal forwarder directory. |
Universal forwarder user | You created a user for the universal forwarder. If you used the data collection script to deploy a universal forwarder, a user wasn't created. To create a user, add user credentials to a user-seed.conf file. For more information, see user-seed.conf in the Splunk Enterprise Admin Manual. If you modify a conf file, be sure to restart splunkd so your changes take effect.
|
Steps
Follow these steps to configure a universal forwarder to send data to Splunk Cloud Platform.
- Log in to your Splunk Cloud Platform homepage.
- In the applications sidebar, click Universal Forwarder.
- Click Download Universal Forwarder Credentials to download the splunkclouduf.spl file.
- From a command-line interface, go to the
$SPLUNK_HOME/bin
directory for your universal forwarder. - Run the following command:
where
./splunk install app <full_path_to_splunkclouduf.spl> -auth <username>:<password>
<username>:<password>
are the login credentials for an existing account on the universal forwarder. - Restart the universal forwarder:
./splunk restart
Use custom indexes in | Send data to Splunk Cloud Platform with ITE Work data collection agents |
This documentation applies to the following versions of Splunk® IT Essentials Work: 4.18.0, 4.18.1, 4.19.0, 4.19.1
Feedback submitted, thanks!