Splunk® Enterprise

Add AWS ELB access log data: Splunk Cloud

Splunk Enterprise version 8.0 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Configure data collection on your Splunk Enterprise instance

To get data from your data source into your Splunk Enterprise instance, configure a receiver and a forwarder. The receiver is your Splunk Cloud instance. Install a forwarder on your data host to send data to the receiver.

Download and install the forwarder credentials to connect your forwarder to your Splunk Cloud instance

To enable your forwarders to send data to Splunk Cloud, download the universal forwarder credentials file. This file contains a custom certificate for your Splunk Cloud deployment.

Download the forwarder credentials

  1. In your Splunk Cloud deployment, navigate to the Splunk Cloud Home page.
  2. Click Universal Forwarder.
  3. On the Splunk Cloud Home page, click Download Universal Forwarder Credentials to download the splunkclouduf.spl file.
  4. When prompted, click Save File and click OK. By default, the splunkclouduf.spl file downloads to the Downloads directory. If you download to a different location, make note of that location.

Install the file onto your forwarders using one of the two installation options described in this topic. Apply these credentials to forwarders of any type that you need to connect to your Splunk Cloud instance.

Install the forwarder credentials on individual forwarders

  1. Move the splunkclouduf.spl file to the $SPLUNK_HOME/etc/apps/ directory of your forwarder.
  2. Open a command prompt window and, run the following command:
    splunk install app <full path to splunkclouduf.spl> -auth <username>:<password>
    where <full path to splunkclouduf.spl> is the path to the directory where the splunkclouduf.spl file is located and <username>:<password> are the username and password of an existing admin account on the forwarder.
  3. Restart your forwarder: /splunk restart.

Install the forwarder credentials on a deployment server

  1. Move the splunkclouduf.spl file to the $SPLUNK_HOME/etc/deployment-apps/ directory of your deployment server.
  2. Open a command prompt window, and run the command tar xvf splunkclouduf.spl.
  3. Navigate to the /bin subdirectory of your deployment server.
  4. In the command prompt window, run the command:
    splunk install app <full path to splunkclouduf.spl> -auth <username>:<password>
    where <full path to splunkclouduf.spl> is the path to the directory where the splunkclouduf.spl file is located and <username>:<password> are the username and password of an existing admin account on the universal forwarder.
  5. Restart your deployment server: /splunk restart.
Last modified on 10 October, 2020
Configure accounts for the Splunk Add-on for AWS   Configure inputs for the Splunk Add-on for AWS

This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters