Is there a *nix app for a UF when using a Windows ...

kmsnyde · ‎06-05-2013

I am using a Splunk Windows Indexer with both Windows and *nix workstations. I will employ the use of the Splunk App for Windows and the Windows TA add-on for the Windows Universal Forwarders to enhance my data collection/display. Can the *nix TA add-on for *nix Universal Forwarders be used to send data to the Splunk App for Windows? If not, what can I use for the *nix Universal Forwarders in a similar fashion as the Windows TA?

dwaddle · ‎06-05-2013

The *nix TA app can be used in conjunction with the *nix app, just like the Windows TA can be used with the Windows app. In both cases, the 'main app' is platform independent. That is, it does not care if your indexers and search heads are running on Windows or Unix. Only the respective TA app (which is doing the data collection) is picky about platform compatibility at installation.

dwaddle · ‎06-05-2013

Well, yes and no. The *nix TA only "works with" the *nix app. That is, the *nix TA creates sources / sourcetypes that the dashboards in the Windows app simply won't understand. But, nothing keeps you from using the *nix app on your Windows indexers.

kmsnyde · ‎06-05-2013

Just so I'm clear, the *nix TA app on the *nix Universal Forwarder "can" work with the Splunk App for Windows on my Indexer? Thanks.

Is there a *nix app for a UF when using a Windows Indexer?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases