Install the Splunk App for Infrastructure in a Splunk Cloud deployment
You must be a Splunk Cloud administrator to install and manage apps in your Splunk Cloud environment. To install an app on Splunk Cloud, contact your Splunk sales representative or Splunk Support. You will need Splunk Support to complete these tasks:
- Add the Splunk App for Infrastructure (SAI) to your Splunk Cloud environment.
- Add the Splunk Add-on for Infrastructure to your Splunk Cloud environment.
- Enable the HTTP Event Collector (HEC) in your Splunk Cloud environment.
If you want to collect VMware data, Splunk Support also has to complete these tasks:
- Install VMware data collection components.
- Confirm you have an ITSI license.
After Splunk Support installs the app and add-ons, and enables HEC for your cloud environment, configure your Splunk Cloud instance and hosts to send data to SAI.
You have to use the
sc_admin user to make configuration changes.
What the cloud deployment looks like
Install a universal forwarder for metrics and logs collection on Windows systems. Install a universal forwarder for logs collection and collectd for metrics collection for *nix systems. You have to install universal forwarder credentials on every system you install a universal forwarder on. Data the universal forwarder collects is sent to the indexing tier in the cloud environment.
You must install collectd on *nix systems for metrics collection. Collectd sends data to an HEC in the indexing tier in the cloud environment.
If you plan to send VMware data to SAI, you have to deploy a Data Collection Node (DCN) and Data Collection Scheduler (DCS). For more information, see Install VMware data collection add-ons and dependencies.
If you plan to send AWS data to SAI, you have to deploy a heavy forwarder on a Windows or Linux system and install the Splunk Add-on for AWS, the Splunk Add-on for Infrastructure, and the universal forwarder credentials on it. To configure the heavy forwarder to send AWS data to SAI in the cloud environment, also install SAI on it.
This diagram describes a cloud environment that is ingesting data from a Windows system, a Mac system, a Linux system, and a heavy forwarder for AWS data collection.
Configure your cloud deployment for SAI
Follow these steps to set up your physical and cloud environment to start sending data to SAI.
1. Add the power role to sc_admin users
To fully configure and use SAI as an sc_admin user, ensure that all capabilities are assigned to each sc_admin user that has access to the cloud environment.
For more information about assigning the power capabilities to the sc_admin user, see sc_admin role permissions.
2. Install and configure the data collection agents on each applicable system
Do not run the easy install script or manually install data collection agents on a heavy forwarder that sends AWS data to SAI.
Use the easy install script to configure the data collection agents on each system that sends data to the cloud environment. For Windows systems, the easy install script installs and configures a universal forwarder. For *nix systems, the easy install script installs and configures a universal forwarder and collectd.
For information about the data collection script for each OS, see these topics in the Administer Splunk App for Infrastructure guide:
- Collect Windows metrics and logs with Splunk App for Infrastructure
- Collect Linux/Unix metrics and logs with Splunk App for Infrastructure
- Collect Mac OS X metrics and logs with Splunk App for Infrastructure
You can also manually set up the universal forwarder and collectd. For more information, see these topics in the Administer Splunk App for Infrastructure guide:
- Manually configure metrics and log collection for Windows on Splunk App for Infrastructure
- Manually configure log collection on a *nix entity for Splunk App for Infrastructure
- Manually configure metrics collection on a *nix entity for Splunk App for Infrastructure
When you are configuring data collection, use these port values so that your cloud stack receives data from your systems:
3. Install universal forwarder credentials
Follow this step for each system that is not already sending data to your cloud environment. Otherwise, skip this step.
You must install the universal forwarder credentials file on each system that sends data to your cloud environment. The universal forwarder credentials file contains a custom certificate for your Splunk Cloud deployment. The universal forwarder credentials are different from the credentials that you use to log into Splunk Cloud.
Before you install the universal forwarder credentials, remove
outputs.conf on the universal forwarder that the script installed and configured.
If you have not already created a user for the universal forwarder, first create a user. To create a user, add credentials to a
user-seed.conf file. For more information, see user-seed.conf in the Splunk Enterprise Admin Manual. If you modify a conf file, be sure to restart
splunkd so your changes take effect.
By default, you must be the root user to make changes to the universal forwarder directory.
- Remove the existing
outputs.conffile on the universal forwarder. Here are the default locations for each operating system:
- Default *nix location:
- Default Windows location:
- Default *nix location:
- Log in to your Splunk Cloud homepage.
- In the left sidebar, click Universal Forwarder.
- Click Download Universal Forwarder Credentials to download the
- From a command-line interface, go to the
$SPLUNK_HOME/bindirectory for your universal forwarder.
- Run the following command:
./splunk install app <full_path_to_splunkclouduf.spl> -auth <username>:<password>
<username>:<password>are the login credentials for an existing account on the universal forwarder.
- Restart the universal forwarder:
4. Set up AWS data collection
When deploying a heavy forwarder to collect AWS data for SAI, you have to set up only forwarding on it. You do not have to set up receiving.
- If you plan to collect AWS data, install apps and add-ons on a heavy forwarder:
- Configure AWS data collection. For information, see Configure AWS data collection for Splunk App for Infrastructure.
For information about installing apps and add-ons, see Where to get more apps and add-ons in the Splunk Enterprise Admin Manual.
For information about deploying a heavy forwarder, see Deploy a heavy forwarder in the Splunk Enterprise Forwarding Data guide.
4. Set up VMware data collection
To collect VMware data collection, you have to install and configure a Data Collection Node (DCN) and Data Collection Scheduler (DCS) outside of Splunk Cloud. To set up a DCN and DCS, see these topics:
VMware data collection with Splunk Cloud requires that you configure a universal forwarder with universal forwarder credentials between the DCN and the Splunk Cloud indexer endpoint. Configure the DCN to forward data to the universal forwarder. The universal forwarder will then send data from the DCN to Splunk Cloud with the proper credentials. For more information, see Install universal forwarder credentials.
You can install the universal forwarder on the system that's running the DCN. For steps about deploying a universal forwarder, see Install a *nix universal forwarder in the Splunk Universal Forwarder Forwarder Manual.
For information about installing VMware data collection components, see Install VMware data collection add-ons and dependencies.
After you install the data collection components, set up VMware data collection. For more information, see Collect VMware vCenter Server metrics with Splunk App for Infrastructure in the Administer Splunk App for Infrastructure guide.
Install the Splunk App for Infrastructure in a distributed deployment
Upgrade to a new version of Splunk App for Infrastructure
This documentation applies to the following versions of Splunk® App for Infrastructure: 2.0.0, 2.0.1, 2.0.2, 2.0.3