Do we need to install the Splunk Add-on for Box on both search heads and indexers, and do Box logs get stored on the heavy forwarder or indexers?

ericlarsen
Path Finder

Couple questions about the Splunk Add-on for Box. We're setting up a heavy forwarder to collect the data. Do we need to also install the add-on on both the Search Heads and Indexers as well, or just the Search Heads?

I'm also trying to determine how much disk space is needed on the heavy forwarder VM. Do the Box logs get stored on the heavy forwarder or do they get passed directly to the Indexers, without a copy being saved?

Appreciate the help.
Thanks!

0 Karma

rpille_splunk
Splunk Employee

Hi Eric. The installation instructions in the documentation specify that you should install this add-on to your search heads and your heavy forwarder. There is no need to install it on indexers. http://docs.splunk.com/Documentation/AddOns/latest/Box/Install

As for your second question, no, the Box logs are not stored on the heavy forwarder, but they do get parsed there before they are sent on to your indexers. In general, when you think about scaling your forwarders for your data collection tasks, you are considering throughput, not storage. More here: http://docs.splunk.com/Documentation/Splunk/6.3.0/Deploy/Datapipeline

In this case, the Box API has rate limiting, so you are most likely going to be fine with one heavy forwarder.

0 Karma

rpille_splunk
Splunk Employee

Also, I am not sure if you are familiar with our Splunk classes, but you might also be interested in checking out the Splunk 6 Administration class. It's an excellent class for getting really familiar with these concepts and applications. There are several prereqs.
Details and upcoming schedule can be found here:
https://inter.viewcentral.com/Events/cust/search_results.aspx?cid=splunk&pid=1&lid=1&tstamp=14460522...

0 Karma