Configure a universal forwarder to send data to ITSI in Splunk Cloud
You have to install universal forwarder credentials on each universal forwarder that sends data to your Splunk Cloud deployment. The universal forwarder credentials contains a custom certificate for your Splunk Cloud deployment. The universal forwarder credentials are different from the credentials that you use to log into Splunk Cloud.
To send data to Splunk Cloud from a universal forwarder, deploy the universal forwarder and add the universal forwarder credentials to the universal forwarder.
|Integration configured||You ran the data collection script or manually deployed a universal forwarder on a system you want to send data to Splunk Cloud from.|
|Root user||You can run commands as the root user in the universal forwarder directory.|
|Universal forwarder user||You created a user for the universal forwarder. If you used the data collection script to deploy a universal forwarder, a user wasn't created. To create a user, add user credentials to a |
Follow these steps to configure a universal forwarder to send data to Splunk Cloud.
- Log in to your Splunk Cloud homepage.
- In the applications sidebar, click Universal Forwarder.
- Click Download Universal Forwarder Credentials to download the
- From a command-line interface, go to the
$SPLUNK_HOME/bindirectory for your universal forwarder.
- Run the following command:
./splunk install app <full_path_to_splunkclouduf.spl> -auth <username>:<password>
<username>:<password>are the login credentials for an existing account on the universal forwarder.
- Restart the universal forwarder:
Use custom indexes in ITSI
Send data to Splunk Cloud with ITSI data collection agents
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.6.0 Cloud only, 4.6.1 Cloud only, 4.6.2 Cloud only, 4.7.0, 4.7.1, 4.7.2, 4.8.0 Cloud only, 4.8.1 Cloud only, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only