Configure forwarding and receiving for Splunk Cloud
Your Splunk Cloud instance acts as your receiver. Use these tasks to configure your forwarders to send data to Splunk Cloud.
To get data from your data source into your Splunk Enterprise instance, configure a receiver and a forwarder. The receiver is your Splunk Cloud instance. Install a forwarder on your data host to send data to the receiver.
Download and install the forwarder credentials to connect your forwarder to your Splunk Cloud instance
To enable your forwarders to send data to Splunk Cloud, download the universal forwarder credentials file. This file contains a custom certificate for your Splunk Cloud deployment.
Download the forwarder credentials
- In your Splunk Cloud deployment, navigate to the Splunk Cloud Home page.
- Click Universal Forwarder.
- On the Splunk Cloud Home page, click Download Universal Forwarder Credentials to download the splunkclouduf.spl file.
- When prompted, click Save File and click OK. By default, the splunkclouduf.spl file downloads to the Downloads directory. If you download to a different location, make note of that location.
Install the file onto your forwarders using one of the two installation options described in this topic. Apply these credentials to forwarders of any type that you need to connect to your Splunk Cloud instance.
Install the forwarder credentials on individual forwarders
- Move the splunkclouduf.spl file to the $SPLUNK_HOME/etc/apps/ directory of your forwarder.
- Open a command prompt window and run the following command:
  splunk install app <full path to splunkclouduf.spl> -auth <username>:<password>
  where <full path to splunkclouduf.spl> is the path to the directory where the splunkclouduf.spl file is located and <username>:<password> are the username and password of an existing admin account on the forwarder.
- Restart your forwarder:
  /splunk restart
Install the forwarder credentials on a deployment server
- Move the splunkclouduf.spl file to the $SPLUNK_HOME/etc/deployment-apps/ directory of your deployment server.
- Open a command prompt window, and run the command:
  tar xvf splunkclouduf.spl
- Navigate to the /bin subdirectory of your deployment server.
- In the command prompt window, run the command:
  splunk install app <full path to splunkclouduf.spl> -auth <username>:<password>
  where <full path to splunkclouduf.spl> is the path to the directory where the splunkclouduf.spl file is located and <username>:<password> are the username and password of an existing admin account on the universal forwarder.
- Restart your deployment server:
  /splunk restart
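The deployment server procedure extracts the downloaded file with tar, and the resulting app is then distributed to forwarders, so it is worth listing the archive before extracting it. The following is an added example, not part of the Splunk documentation: it audits a tar archive for entries that would write outside the extraction directory or that are links or special files. The function names and the sample entries (example_app, example_cert.pem) are constructed for illustration and do not describe the real layout of splunkclouduf.spl.

```python
import io
import tarfile
from pathlib import PurePosixPath

def audit_spl(fileobj):
    """Return (findings, names) for a tar archive without extracting it."""
    findings, names, tops = [], [], set()
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:  # plain or compressed
        for m in tar.getmembers():
            p = PurePosixPath(m.name)
            names.append(m.name)
            if p.is_absolute() or ".." in p.parts:
                findings.append(f"path escapes extraction dir: {m.name}")
            elif p.parts:
                tops.add(p.parts[0])
            if m.issym() or m.islnk():
                findings.append(f"link entry: {m.name} -> {m.linkname}")
            elif not (m.isfile() or m.isdir()):
                findings.append(f"special file: {m.name}")
            if m.mode & 0o6000:
                findings.append(f"setuid/setgid bit: {m.name}")
    if len(tops) != 1:
        findings.append(f"expected one top-level app directory, found {sorted(tops)}")
    return findings, names

def build_sample(entries):
    """Build a constructed in-memory archive; entries are (name, type, linkname)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, typ, link in entries:
            info = tarfile.TarInfo(name)
            info.type, info.linkname, info.mode = typ, link, 0o644
            data = b"constructed\n" if typ == tarfile.REGTYPE else b""
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data) if data else None)
    buf.seek(0)
    return buf

# Constructed sample entries (hypothetical names, not the real package contents).
GOOD = [("example_app/default/outputs.conf", tarfile.REGTYPE, ""),
        ("example_app/default/example_cert.pem", tarfile.REGTYPE, "")]
BAD = GOOD + [("../outside.conf", tarfile.REGTYPE, ""),
              ("example_app/link", tarfile.SYMTYPE, "/tmp/elsewhere")]

if __name__ == "__main__":
    for label, entries in (("good", GOOD), ("bad", BAD)):
        findings, names = audit_spl(build_sample(entries))
        print(label, len(names), "entries;", findings or "no findings")
```

To check a real download, open the file in binary mode and pass the file object to audit_spl; an empty findings list means no entry matched any of these checks.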
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10