Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to forward data from Universal Forwarder into online sandbox instance

Nicholas_Key
Splunk Employee
Splunk Employee
‎10-26-2014 03:33 PM

Here are the steps to configure your Universal Forwarder to forward events to your online sandbox instance:

  1. Enable receiver in your online sandbox instance in https://prd-something-something.splunk6.splunktrial.com/en-US/manager/search/data/inputs/tcp/cooked

  2. Then configure your Universal Forwarder with the following commands:

    ./splunk add forward-server input-prd-something-something.splunk6.splunktrial.com:9997
    ./splunk add monitor
    Now perform a search and you'll be able to see some events in your online sandbox instance

Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎10-27-2014 10:00 AM

I'd say the question contains all the steps necessary, thanks Nick!

View solution in original post

Reply
Solved! Jump to solution

ryoung_splunk
Splunk Employee
Splunk Employee
‎01-14-2015 08:03 AM

Since early December 2014 the steps to use a forwarder in the sandbox have changed. To forward data to a sandbox you can use Universal Forwarder App available in Splunk Online Sandbox. The Universal Forwarder App includes the information and credentials necessary to download, install, and authorize you to forward data to Splunk Online Sandbox. After you sign in to Splunk Online Sandbox, choose Universal Forwarder from the Apps menu, and follow the Universal Forwarder app instructions.

Reply
Solved! Jump to solution

DelProfundo
Explorer
‎01-27-2015 01:54 AM

Not true. Many places say "just download the universal forwarder and the app and install" does not work. Still errors out .

01-27-2015 19:52:39.782 +1000 ERROR TcpOutputFd - Read error. An existing connection was forcibly closed by the remote host.
01-27-2015 19:52:40.942 +1000 INFO TcpOutputProc - Connected to idx=54.84.49.180:9997 using ACK.
01-27-2015 19:52:47.265 +1000 INFO TailingProcessor - Could not send data to output queue (parsingQueue), retrying...

0 Karma
Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎10-27-2014 10:00 AM

I'd say the question contains all the steps necessary, thanks Nick!

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎10-27-2014 01:08 PM

Can't do that, US/Canada only 😛

0 Karma
Reply
Solved! Jump to solution

Nicholas_Key
Splunk Employee
Splunk Employee
‎10-27-2014 10:18 AM

You are welcome! Please try out the steps and let me know if they aren't working.

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...