Splunk® IT Service Intelligence

Entity Integrations Manual

Acrobat logo Download manual as PDF


Splunk IT Service Intelligence (ITSI) version 4.12.x reached its End of Life on January 22, 2024. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Before you upgrade IT Service Intelligence.
Acrobat logo Download topic as PDF

Configure a universal forwarder to send data to ITSI in Splunk Cloud Platform

You have to install universal forwarder credentials on each universal forwarder that sends data to your Splunk Cloud Platform deployment. The universal forwarder credentials contains a custom certificate for your Splunk Cloud Platform deployment. The universal forwarder credentials are different from the credentials that you use to log into Splunk Cloud Platform.

To send data to Splunk Cloud Platform from a universal forwarder, deploy the universal forwarder and add the universal forwarder credentials to the universal forwarder.

Prerequisites

Requirement Description
Integration configured You ran the data collection script or manually deployed a universal forwarder on a system you want to send data to Splunk Cloud Platform from.
Root user You can run commands as the root user in the universal forwarder directory.
Universal forwarder user You created a user for the universal forwarder. If you used the data collection script to deploy a universal forwarder, a user wasn't created. To create a user, add user credentials to a user-seed.conf file. For more information, see user-seed.conf in the Splunk Enterprise Admin Manual. If you modify a conf file, be sure to restart splunkd so your changes take effect.

Steps

Follow these steps to configure a universal forwarder to send data to Splunk Cloud Platform.

  1. Log in to your Splunk Cloud Platform homepage.
  2. In the applications sidebar, click Universal Forwarder.
  3. Click Download Universal Forwarder Credentials to download the splunkclouduf.spl file.
  4. From a command-line interface, go to the $SPLUNK_HOME/bin directory for your universal forwarder.
  5. Run the following command:
    ./splunk install app <full_path_to_splunkclouduf.spl> -auth <username>:<password>
    where <username>:<password> are the login credentials for an existing account on the universal forwarder.
  6. Restart the universal forwarder:
    ./splunk restart
Last modified on 28 April, 2023
PREVIOUS
Use custom indexes in ITSI
  NEXT
Send data to Splunk Cloud Platform with ITSI data collection agents

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1, 4.18.0, 4.18.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters