Install the Splunk App for Infrastructure in a Splunk Cloud deployment
You must be a Splunk Cloud administrator to install and manage apps in your Splunk Cloud environment. To install an app on Splunk Cloud, contact your Splunk sales representative or Splunk Support. You need Splunk Support to complete these tasks:
- Add the Splunk App for Infrastructure (SAI) to your Splunk Cloud environment.
- Add the Splunk Add-on for Infrastructure to your Splunk Cloud environment.
- Enable the HTTP Event Collector (HEC) in your Splunk Cloud environment.
If you want to collect VMware data, Splunk Support also has to complete these tasks:
- Install VMware data collection components.
- Confirm you have an ITSI license.
After Splunk Support installs the app and add-ons, and enables HEC for your cloud environment, configure your Splunk Cloud instance and hosts to send data to SAI.
You have to use the sc_admin
user to make configuration changes.
What the cloud deployment looks like
Install a universal forwarder for metrics and logs collection on Windows systems. Install a universal forwarder for logs collection and collectd for metrics collection for *nix systems. You have to install universal forwarder credentials on every system you install a universal forwarder on. Data the universal forwarder collects is sent to the indexing tier in the cloud environment.
You must install collectd on *nix systems for metrics collection. Collectd sends data to an HEC in the indexing tier in the cloud environment.
If you plan to send AWS data to SAI, you have to deploy a heavy forwarder on a Windows or Linux system and install the Splunk Add-on for AWS, the Splunk Add-on for Infrastructure, and the universal forwarder credentials on it. To configure the heavy forwarder to send AWS data to SAI in the cloud environment, also install SAI on it.
If you plan to send VMware data to SAI, you also have to install the Splunk Add-on for VMware Metrics and deploy a Data Collection Node (DCN) and Data Collection Scheduler (DCS). For more information, see About VMware vSphere integrations in SAI.
This diagram describes a cloud environment that is ingesting data from a Windows system, a Mac system, a Linux system, and a heavy forwarder for AWS data collection.
Configure your cloud deployment for SAI
Follow these steps to set up your physical and cloud environment to start sending data to SAI.
1. Add the power role to sc_admin users
To fully configure and use SAI as an sc_admin user, ensure that all capabilities are assigned to each sc_admin user that has access to the cloud environment.
For more information about assigning the power capabilities to the sc_admin user, see sc_admin role permissions.
2. Install and configure the data collection agents on each applicable system
Do not run the easy install script or manually install data collection agents on a heavy forwarder that sends AWS data to SAI.
Use the easy install script to configure the data collection agents on each system that sends data to the cloud environment. For Windows systems, the easy install script installs and configures a universal forwarder. For *nix systems, the easy install script installs and configures a universal forwarder and collectd.
For information about the data collection script for each OS, see these topics in the Administer Splunk App for Infrastructure guide:
- Collect Windows metrics and logs with Splunk App for Infrastructure
- Collect Linux/Unix metrics and logs with Splunk App for Infrastructure
- Collect Mac OS X metrics and logs with Splunk App for Infrastructure
You can also manually set up the universal forwarder and collectd. For more information, see these topics in the Administer Splunk App for Infrastructure guide:
- Manually configure metrics and log collection for Windows on Splunk App for Infrastructure
- Manually configure log collection on a *nix entity for Splunk App for Infrastructure
- Manually configure metrics collection on a *nix entity for Splunk App for Infrastructure
When you are configuring data collection, use these port values so that your cloud stack receives data from your systems:
Field | Value |
---|---|
Monitoring Machine | http-inputs-<cloud_hostname>.splunkcloud.com |
HEC port | 443
|
3. Install universal forwarder credentials
Follow this step for each system that is not already sending data to your cloud environment. Otherwise, skip this step.
You must install the universal forwarder credentials file on each system that sends data to your cloud environment. The universal forwarder credentials file contains a custom certificate for your Splunk Cloud deployment. The universal forwarder credentials are different from the credentials that you use to log into Splunk Cloud.
Before you install the universal forwarder credentials, remove outputs.conf
on the universal forwarder that the script installed and configured.
If you have not already created a user for the universal forwarder, first create a user. To create a user, add credentials to a user-seed.conf
file. For more information, see user-seed.conf in the Splunk Enterprise Admin Manual. If you modify a conf file, be sure to restart splunkd
so your changes take effect.
By default, you must be the root user to make changes to the universal forwarder directory.
- Log in to your Splunk Cloud homepage.
- In the left sidebar, click Universal Forwarder.
- Click Download Universal Forwarder Credentials to download the
splunkclouduf.spl
file. - From a command-line interface, go to the
$SPLUNK_HOME/bin
directory for your universal forwarder. - Run the following command:
where
./splunk install app <full_path_to_splunkclouduf.spl> -auth <username>:<password>
<username>:<password>
are the login credentials for an existing account on the universal forwarder. - Restart the universal forwarder:
./splunk restart
4. (Optional) Set up AWS data collection
When deploying a heavy forwarder to collect AWS data for SAI, you have to set up only forwarding on it. You do not have to set up receiving.
- If you plan to collect AWS data, install apps and add-ons on a heavy forwarder:
- Splunk App for Infrastructure
- Splunk Add-on for Infrastructure
- Splunk Add-on for AWS version 5.0.0
- universal forwarder credentials
- Configure AWS data collection. For information, see Configure AWS data collection for Splunk App for Infrastructure.
For information about installing apps and add-ons, see Where to get more apps and add-ons in the Splunk Enterprise Admin Manual.
For information about deploying a heavy forwarder, see Deploy a heavy forwarder in the Splunk Enterprise Forwarding Data guide.
4. (Optional) Set up VMware data collection
Starting with SAI version 2.2.0, VMware data collection is completely handled in the Splunk Add-on for VMware Metrics. For more information, see About VMware vSphere integrations in SAI. To collect VMware data collection, you have to install and configure a Data Collection Node (DCN) and Data Collection Scheduler (DCS) outside of Splunk Cloud. To set up a DCN and DCS, see these topics:
Install the Splunk App for Infrastructure in a distributed deployment | Upgrade to a new version of Splunk App for Infrastructure |
This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 2.2.0 Cloud only, 2.2.1, 2.2.3 Cloud only, 2.2.4, 2.2.5
Feedback submitted, thanks!