Configure a universal forwarder to send data to ITSI in Splunk Cloud Platform
You have to install universal forwarder credentials on each universal forwarder that sends data to your Splunk Cloud Platform deployment. The universal forwarder credentials contains a custom certificate for your Splunk Cloud Platform deployment. The universal forwarder credentials are different from the credentials that you use to log into Splunk Cloud Platform.
To send data to Splunk Cloud Platform from a universal forwarder, deploy the universal forwarder and add the universal forwarder credentials to the universal forwarder.
|Integration configured||You ran the data collection script or manually deployed a universal forwarder on a system you want to send data to Splunk Cloud Platform from.|
|Root user||You can run commands as the root user in the universal forwarder directory.|
|Universal forwarder user||You created a user for the universal forwarder. If you used the data collection script to deploy a universal forwarder, a user wasn't created. To create a user, add user credentials to a user-seed.conf file. For more information, see user-seed.conf in the Splunk Enterprise Admin Manual. If you modify a conf file, be sure to restart |
Follow these steps to configure a universal forwarder to send data to Splunk Cloud Platform.
- Log in to your Splunk Cloud Platform homepage.
- In the applications sidebar, click Universal Forwarder.
- Click Download Universal Forwarder Credentials to download the splunkclouduf.spl file.
- From a command-line interface, go to the
$SPLUNK_HOME/bindirectory for your universal forwarder.
- Run the following command:
./splunk install app <full_path_to_splunkclouduf.spl> -auth <username>:<password>
<username>:<password>are the login credentials for an existing account on the universal forwarder.
- Restart the universal forwarder:
Use custom indexes in ITSI
Send data to Splunk Cloud Platform with ITSI data collection agents
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.6.0 Cloud only, 4.6.1 Cloud only, 4.6.2 Cloud only, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.8.0 Cloud only, 4.8.1 Cloud only, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only, 4.10.3 Cloud only, 4.10.4 Cloud only, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.13.0