All Apps and Add-ons

Add data into splunk cluster .


I have integrated Search Head cluster with Indexer Cluster. I am able to get search peers data,search members data,forwarders data in the search head by querying index="_internal".
I have a deployment server configured on a different machine. From here i can push apps to clients.
I have the following requirement now :-
On which server (Search peer/Search head/deployment server) should i configure the process of monitoring files on forwarders(ADD Data)?
On the Search peers-> Data inputs-> Forwarded inputs -> Files & Directories is displaying the following message.
"Use this page only in a single-instance Splunk environment."

Tags (1)
0 Karma


"Data inputs -> forwarded Inputs - > files and directories" is used when you wish to monitor a LOCAL file/directory on that server and then forward the data from that monitoring to another server (such as an indexer)

In a distributed environment, this feature of the UI is going to provide you little to no value.

On your question as to where to configure the process of monitoring files on forwarders, you should configure "apps" in the deployment server and then deploy these apps to all of your forwarders machines. (Assuming that you have configured your forwarders as clients of the deployment server and to periodically check in with the deployment server to check for new "apps" to download).

There is plenty of documentation on Splunk's website for this.

Here are some helpful links:
About Deployment Server

Deployment Server Architecture


Thank you.
As mention by you,if the ADD DATA step is performed on dedicated deployment server. How will the search head get the data from deployment server to search? How the search peers will contact deployment server and index the data?

0 Karma
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...