Splunk Cloud

Splunk Cloud User Manual

Forward data to Splunk Cloud from Microsoft Windows

To get data into Splunk Cloud, log into your Splunk Cloud deployment and do the following:

  1. Download the Splunk Universal Forwarder for Windows.
  2. Install the Splunk Universal Forwarder for Windows.
  3. Download and install the universal forwarder credentials.
  4. Configure data inputs, which specify the data to be collected and forwarded.

The following detailed procedure tells you how to install and configure the universal forwarder on a Windows machine.

Log into your Splunk Cloud deployment

The way you log in depends on whether your Splunk Cloud deployment is managed or self-service. For details, see Types of Splunk Cloud Deployment.

Logging into a self-service Splunk Cloud deployment

  1. In your web browser, go to www.splunk.com.
  2. Click My Account.
  3. Click Log In.
  4. On the Log In page, enter the user name and password provided in your "Welcome" email.
  5. Choose My Account > Instances and click Access Instance. The Splunk Cloud user interface displays.

Logging into a managed Splunk Cloud deployment

  1. In your web browser, go to the URL specified for your deployment. (Your company selected this URL as part of the process of buying Splunk Cloud.)
  2. Enter the username and password specified in your Welcome email or provided to you by your Splunk administrator.

Step 1: Download the installer

From the Splunk Cloud Home page:

  1. In the left sidebar, click Universal Forwarder.
  2. On the splunkclouduf Home page, click Download Universal Forwarder.
  3. On the Download Splunk Universal Forwarder page, click Windows and choose your Windows platform.
  4. When prompted, click Save File and click OK to download the splunkforwarder installer, which is an .msi file.

By default, the installer file is saved to the \Users\<username>\Downloads directory. If you download it to a different directory, make a note of the location.

Step 2: Install the universal forwarder

Install the universal forwarder on the computer that contains or has access to the data that you want to collect and forward to Splunk Cloud. If you want to install the universal forwarder on a different computer, copy the universal forwarder package file to that machine and continue with the steps below.

  1. To launch and run the installer, double-click the installer file that you downloaded.
  2. When prompted, read the license agreement and select Check this box to accept the License Agreement.
  3. Uncheck the checkbox labeled Use this Universal Forwarder with on-premises Splunk Enterprise. Uncheck if you want this Universal Forwarder to contact a Splunk Cloud instance.
  4. Click Next.
  5. (Self-service Splunk Cloud deployments only. This step enables you to use Splunk Web to manage forwarders and configure data inputs.) In the Deployment Server dialog, enter your Splunk Cloud hostname in the Hostname or IP field. Specify the URL provided in your Welcome email, omitting the leading https:// and preceding the URL with "input-". For example: input-prd-p-z41nh2qlt7cx.cloud.splunk.com. (Note: When you install the universal forwarder on other platforms, you must configure the deployment server/client settings manually by editing .conf files. On Windows, this logic is included in the installer.)
  6. For port number, enter 8089.
  7. Click Next.
  8. Click Install to launch the Setup Wizard and begin the installation. Note: By default, the Splunk Universal Forwarder is installed in the Program Files directory. If you install it in another directory, make note of the location.
  9. Click Finish when prompted.

Step 3: Download and install the universal forwarder credentials

To enable the forwarder to send data to Splunk Cloud, you must download the universal forwarder credentials file, which contains a custom certificate for your Splunk Cloud deployment. The universal forwarder credentials are different from the credentials that you use to log into Splunk Cloud.

When you install the credentials file into the universal forwarder, note that the default username and password for a first-time installation of the universal forwarder are admin:changeme. To change the admin password, run the edit user command. For example: splunk edit user admin -password mynewpassword -auth admin:changeme

To install your universal forwarder credentials from the Splunk Cloud Home page:

  1. In the left sidebar, click Universal Forwarder.
  2. On the splunkclouduf Home page, click Download Universal Forwarder Credentials to download the splunkclouduf.spl file.
  3. When prompted, click Save File and click OK. By default, the splunkclouduf.spl file is downloaded to the Downloads directory (\Users\<username>\Downloads\). If downloaded to a different location, make note of the location.
  4. Open a command prompt window.
  5. Navigate to the bin directory of the SplunkUniversalForwarder installation. For example, cd \Program Files\SplunkUniversalForwarder\bin\
  6. Run the following command (assuming you have added the path to the splunk executable to your PATH environment variable): splunk install app <full path to splunkclouduf.spl> -auth <username>:<password> where <full path to splunkclouduf.spl> is the path to the directory where the splunkclouduf.spl file is located and <username>:<password> are the username and password of an existing admin account on the universal forwarder. Example: splunk install app \Users\johnsmith\Downloads\splunkclouduf.spl -auth admin:changeme
  7. To restart the universal forwarder, run the following command: splunk restart
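
The command-line part of Step 3 as a PowerShell script (an added example, not part of the Splunk documentation). It replaces the admin:changeme default before installing the credentials package, and stops at the first command that fails. The install and download paths and the Invoke-Splunk helper are assumptions; splunk list forward-server is a standard forwarder CLI command that this page does not otherwise use.

```powershell
# Added example: scripted form of Step 3 (items 5-7) plus the password change.
# Assumed locations: default install directory and the current user's Downloads folder.
$splunk  = Join-Path $env:ProgramFiles 'SplunkUniversalForwarder\bin\splunk.exe'
$credPkg = Join-Path $env:USERPROFILE 'Downloads\splunkclouduf.spl'

foreach ($path in $splunk, $credPkg) {
    if (-not (Test-Path -LiteralPath $path)) { throw "Not found: $path" }
}

# Read the replacement admin password without echoing it to the console.
$secure = Read-Host -Prompt 'New forwarder admin password' -AsSecureString
$newPw  = [System.Net.NetworkCredential]::new('', $secure).Password
if ([string]::IsNullOrEmpty($newPw) -or $newPw -eq 'changeme') {
    throw 'Choose a password other than the default.'
}

# Hypothetical helper: run one splunk CLI command and stop on a non-zero exit code.
function Invoke-Splunk {
    param([string[]]$Arguments)
    & $splunk @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "splunk $($Arguments[0]) failed with exit code $LASTEXITCODE"
    }
}

# 1. Replace the first-install default (admin:changeme) before anything else.
Invoke-Splunk @('edit', 'user', 'admin', '-password', $newPw, '-auth', 'admin:changeme')

# 2. Install the credentials package, authenticating with the new password.
Invoke-Splunk @('install', 'app', $credPkg, '-auth', "admin:$newPw")

# 3. Restart the forwarder so that it loads the installed credentials.
Invoke-Splunk @('restart')

# 4. Show configured and active forward servers to confirm the result.
Invoke-Splunk @('list', 'forward-server', '-auth', "admin:$newPw")

# Drop the plaintext copy of the password from the session.
Remove-Variable newPw, secure
```

Because -auth takes the password as an argument, it is visible in the splunk.exe command line while each command runs; reading it into a variable only keeps it out of the console history.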

Step 4: Configure data inputs

To specify the data to be forwarded to Splunk Cloud, perform the following steps.

The steps in this section apply to self-service deployments.

  1. In the Splunk Cloud user interface, click Settings in the top menu bar.
  2. Click Add Data.
  3. On the Add Data view, click Forward.
  4. On the Select Forwarders page, next to Select Server Class, click New.
  5. Under Available host(s), click one or more forwarder hosts to add to the Selected host(s) box. (If your host is not listed, you did not successfully configure your universal forwarder as a deployment client as described in Step 4 above.)
  6. In the New Server Class Name field, enter a name for the new server class.
  7. Click Next near the top of the screen.
  8. Select the type of data for the universal forwarder to collect. For this example, choose Files & Directories.
  9. Enter the name of a file or directory containing data that you want to forward to Splunk Cloud. For example, c:\Windows\windowsupdate.log
  10. Click Next.
  11. In the Input Settings view, next to Source type, click Automatic.
  12. Click Review and verify your settings are correct.
  13. Click Submit.
  14. To display the data that was forwarded, click Start Searching.

For more information about adding data, see Configure the universal forwarder in the Splunk Enterprise Forwarder Manual.

Last modified on 24 March, 2020

This documentation applies to the following versions of Splunk Cloud: 7.0.11, 7.0.13, 7.1.3, 7.1.6, 7.2.4, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 8.0.2001
