Splunk® App for Infrastructure (Legacy)

Install and Upgrade Splunk App for Infrastructure

Install the Splunk App for Infrastructure in a Splunk Cloud deployment

You must be a Splunk Cloud administrator to install and manage apps in your Splunk Cloud environment. To install an app on Splunk Cloud, contact your Splunk sales representative or Splunk Support. You need Splunk Support to complete these tasks:

  • Add the Splunk App for Infrastructure (SAI) to your Splunk Cloud environment.
  • Add the Splunk Add-on for Infrastructure to your Splunk Cloud environment.
  • Enable the HTTP Event Collector (HEC) in your Splunk Cloud environment.

If you want to collect VMware data, Splunk Support also has to complete these tasks:

  • Install VMware data collection components.
  • Confirm you have an ITSI license.

After Splunk Support installs the app and add-ons, and enables HEC for your cloud environment, configure your Splunk Cloud instance and hosts to send data to SAI.

You have to use the sc_admin user to make configuration changes.

What the cloud deployment looks like

On Windows systems, install a universal forwarder for metrics and logs collection. On *nix systems, install a universal forwarder for logs collection and collectd for metrics collection. You have to install universal forwarder credentials on every system where you install a universal forwarder. Data that the universal forwarder collects is sent to the indexing tier in the cloud environment.

You must install collectd on *nix systems for metrics collection. Collectd sends data to an HEC in the indexing tier in the cloud environment.

If you plan to send AWS data to SAI, you have to deploy a heavy forwarder on a Windows or Linux system and install the Splunk Add-on for AWS, the Splunk Add-on for Infrastructure, and the universal forwarder credentials on it. To configure the heavy forwarder to send AWS data to SAI in the cloud environment, also install SAI on it.

If you plan to send VMware data to SAI, you also have to install the Splunk Add-on for VMware Metrics and deploy a Data Collection Node (DCN) and Data Collection Scheduler (DCS). For more information, see About VMware vSphere integrations in SAI.

This diagram describes a cloud environment that is ingesting data from a Windows system, a Mac system, a Linux system, and a heavy forwarder for AWS data collection.

This image describes a deployment with a Data Collection Node, a Data Collection Scheduler, a heavy forwarder, a Windows system, a Mac system, and a Linux system sending data over multiple ports to a Splunk Cloud environment.

Configure your cloud deployment for SAI

Follow these steps to set up your physical and cloud environment to start sending data to SAI.

1. Add the power role to sc_admin users

To fully configure and use SAI as an sc_admin user, ensure that all capabilities are assigned to each sc_admin user that has access to the cloud environment.

For more information about assigning the power capabilities to the sc_admin user, see sc_admin role permissions.

2. Install and configure the data collection agents on each applicable system

Do not run the easy install script or manually install data collection agents on a heavy forwarder that sends AWS data to SAI.

Use the easy install script to configure the data collection agents on each system that sends data to the cloud environment. For Windows systems, the easy install script installs and configures a universal forwarder. For *nix systems, the easy install script installs and configures a universal forwarder and collectd.

For information about the data collection script for each OS, see these topics in the Administer Splunk App for Infrastructure guide:

You can also manually set up the universal forwarder and collectd. For more information, see these topics in the Administer Splunk App for Infrastructure guide:

When you are configuring data collection, use these port values so that your cloud stack receives data from your systems:

Field               Value
Monitoring Machine  http-inputs-<cloud_hostname>.splunkcloud.com
HEC port            443

3. Install universal forwarder credentials

Follow this step for each system that is not already sending data to your cloud environment. Otherwise, skip this step.

You must install the universal forwarder credentials file on each system that sends data to your cloud environment. The universal forwarder credentials file contains a custom certificate for your Splunk Cloud deployment. The universal forwarder credentials are different from the credentials that you use to log into Splunk Cloud.

Before you install the universal forwarder credentials, remove outputs.conf on the universal forwarder that the script installed and configured.

If you have not already created a user for the universal forwarder, first create a user. To create a user, add credentials to a user-seed.conf file. For more information, see user-seed.conf in the Splunk Enterprise Admin Manual. If you modify a conf file, be sure to restart splunkd so your changes take effect.

By default, you must be the root user to make changes to the universal forwarder directory.

  1. Log in to your Splunk Cloud homepage.
  2. In the left sidebar, click Universal Forwarder.
  3. Click Download Universal Forwarder Credentials to download the splunkclouduf.spl file.
  4. From a command-line interface, go to the $SPLUNK_HOME/bin directory for your universal forwarder.
  5. Run the following command:

      ./splunk install app <full_path_to_splunkclouduf.spl> -auth <username>:<password>

     where <username>:<password> are the login credentials for an existing account on the universal forwarder.

  6. Restart the universal forwarder:

      ./splunk restart
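
Steps 4 to 6 above, together with the earlier removal of outputs.conf, as one shell function with pre-checks. This is an added example, not Splunk's own script; it assumes the easy install script left outputs.conf in $SPLUNK_HOME/etc/system/local and that the hypothetical variables UF_USER and UF_PASS hold the forwarder-local account.

```shell
#!/bin/sh
# Added example (not Splunk's script). Assumed: outputs.conf written by the easy
# install script is at $SPLUNK_HOME/etc/system/local/outputs.conf; UF_USER and
# UF_PASS are hypothetical variables holding the forwarder-local account.
# Usage (as root): install_uf_credentials "$SPLUNK_HOME" /full/path/splunkclouduf.spl

install_uf_credentials() {
    splunk_home=$1
    spl=$2
    outputs="$splunk_home/etc/system/local/outputs.conf"

    [ -x "$splunk_home/bin/splunk" ] || {
        echo "no splunk binary under $splunk_home/bin" >&2; return 2; }
    # The CLI runs from bin/, so the package path has to be absolute.
    case $spl in
        /*) ;;
        *) echo "give the full path to splunkclouduf.spl" >&2; return 3 ;;
    esac
    [ -f "$spl" ] || { echo "credentials package not found: $spl" >&2; return 3; }
    [ -n "${UF_USER:-}" ] && [ -n "${UF_PASS:-}" ] || {
        echo "set UF_USER and UF_PASS first" >&2; return 4; }

    # Remove the script-generated outputs.conf before installing the package;
    # keep a timestamped copy so the old forwarding target can be reviewed.
    if [ -f "$outputs" ]; then
        cp -p "$outputs" "$outputs.bak.$(date +%Y%m%d%H%M%S)" || return 5
        rm -f "$outputs" || return 5
    fi

    # -auth puts the password in the process arguments while the command runs,
    # so this must be the forwarder-local account, never a Splunk Cloud login.
    (
        cd "$splunk_home/bin" &&
        ./splunk install app "$spl" -auth "$UF_USER:$UF_PASS" &&
        ./splunk restart
    ) || return 6
}
```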

4. (Optional) Set up AWS data collection

When deploying a heavy forwarder to collect AWS data for SAI, you have to set up only forwarding on it. You do not have to set up receiving.

  1. If you plan to collect AWS data, install apps and add-ons on a heavy forwarder:
    1. Splunk App for Infrastructure
    2. Splunk Add-on for Infrastructure
    3. Splunk Add-on for AWS version 5.0.0
    4. universal forwarder credentials
  2. Configure AWS data collection. For information, see Configure AWS data collection for Splunk App for Infrastructure.

For information about installing apps and add-ons, see Where to get more apps and add-ons in the Splunk Enterprise Admin Manual.

For information about deploying a heavy forwarder, see Deploy a heavy forwarder in the Splunk Enterprise Forwarding Data guide.

5. (Optional) Set up VMware data collection

Starting with SAI version 2.2.0, VMware data collection is completely handled in the Splunk Add-on for VMware Metrics. For more information, see About VMware vSphere integrations in SAI. To collect VMware data, you have to install and configure a Data Collection Node (DCN) and Data Collection Scheduler (DCS) outside of Splunk Cloud. To set up a DCN and DCS, see these topics:

Last modified on 17 August, 2020

This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 2.2.0 Cloud only, 2.2.1, 2.2.3 Cloud only, 2.2.4, 2.2.5

