I am new to Splunk and I am trying to test Splunk Cloud with my AWS instance. I have a forwarder built in AWS.
It does not show up in the forwarders of my cloud instance.
It installs fine according to the instructions provided. I have installed using the .spl file and a local admin account. I restarted Splunk using the CLI. No errors were encountered. Here is the output:
> PS C:\Program Files\SplunkUniversalForwarder\bin> .\splunk.exe restart
> SplunkForwarder: Stopped
>
> Splunk> Like an F-18, bro.
>
> Checking prerequisites...
> Checking mgmt port [8089]: open
> Checking conf files for problems...
> Done
> Checking default conf files for edits...
> Validating installed files against hashes from 'C:\Program Files\SplunkUniversalForwarder\splunkforwarder-6.5.1-f74036626f0c-windows-64-manifest'
> All installed files intact.
> Done
> All preliminary checks passed.
>
> Starting splunk server daemon (splunkd)...
>
> SplunkForwarder: Starting (pid 2200)
> Done
The forwarder has internet access, and Windows firewall has been disabled.
I have added a syslog listener to the forwarder using Splunk add udp 514 -sourcetype syslog.
I have confirmed that data is getting to the forwarder using Wireshark, but I don't see data being forwarded out.
How can I determine what the issue is?
Thanks