Verification
Verifying the Installation
• To check the status of the Splunk forwarder, run the following command:
sudo ./splunk status
• To verify the connection to the indexer, run the following command:
sudo ./splunk list forward-server
Verifying the Port
Ensure that outbound port 9997 (the default Splunk receiving port) is open on your Linux machine.
Open port 9997 (if using a firewall like firewalld):
Verifying the Forwarder Status
You can verify that the forwarder is active and sending data to Splunk Cloud by running the following command:
sudo /opt/splunkforwarder/bin/splunk list forward-server
You should see a status like Active if the connection to Splunk Cloud is working correctly.
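The same check can be scripted so that a forwarder that has stopped sending is caught by cron or a monitoring agent. The script below is an added example, not part of the original page. It assumes the command prints "Active forwards:" and "Configured but inactive forwards:" sections with indented host:port entries; the function names and the host idx.example.com are hypothetical.

```shell
#!/bin/sh
# Added example: turn `splunk list forward-server` output into an exit code.
# Assumed output layout: "Active forwards:" and "Configured but inactive
# forwards:" headers, each followed by indented host:port lines or "None".

# forwards_in_section HEADER  (reads command output on stdin)
# Prints the host:port entries listed under the named section.
forwards_in_section() {
    awk -v want="$1" '
        /^[^ \t].*:[ \t]*$/ {            # unindented header ending in ":"
            sub(/:[ \t]*$/, "")
            in_section = ($0 == want)
            next
        }
        in_section && /^[ \t]+[^ \t]/ {  # indented entry in wanted section
            if ($1 != "None") print $1
        }
    '
}

# check_forwarder  (reads command output on stdin)
# Returns 0 = all forwards active, 1 = none active, 2 = some inactive.
check_forwarder() {
    out=$(cat)
    active=$(printf '%s\n' "$out" | forwards_in_section "Active forwards")
    inactive=$(printf '%s\n' "$out" |
        forwards_in_section "Configured but inactive forwards")
    if [ -z "$active" ]; then
        echo "CRITICAL: no active forward-server" >&2
        return 1
    fi
    if [ -n "$inactive" ]; then
        echo "WARNING: inactive forward-server(s): $inactive" >&2
        return 2
    fi
    echo "OK: active forward-server(s): $active"
}

# Constructed sample output (idx.example.com is a placeholder host).
SAMPLE=$(printf 'Active forwards:\n\tidx.example.com:9997\nConfigured but inactive forwards:\n\tNone\n')
printf '%s\n' "$SAMPLE" | check_forwarder

# Real use on the forwarder host:
#   sudo /opt/splunkforwarder/bin/splunk list forward-server | check_forwarder
```

A non-zero exit lets the scheduler or monitoring agent raise an alert when log forwarding stops, rather than the gap being noticed later as missing data in the index.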
Verifying the Data in Splunk Cloud
• Log in to your Splunk Cloud instance.
• Go to Search & Reporting and search for the incoming logs:
index=_internal host=<your_linux_host>
You can also search for data from /var/log/messages:
index=* source="/var/log/messages"