"In a distributed deployment, install the Splunk Add-on for Java Management Extensions to your search heads, indexers, and heavy forwarders.
This add-on does not support universal forwarders because the add-on requires Python.
Note: You cannot use a deployment server to deploy the configured add-on to forwarders because the add-on uses modular inputs to collect data remotely. Using a deployment server to deploy configured add-ons to multiple forwarders results in duplicate data collection" (LINK)
Wondering why I'd need to put it on the indexers? Or even on the search heads, assuming I configure the app from the HF webconsole. And make own alerts or views, not some included in an app or add-on?
You do not need to install the JMX add-on to indexers if you do not want to, as long as you are using a Heavy Forwarder to do the data collection. However, it will not do any harm to have it there.
You DO need to install the JMX add-on to your search heads to take advantage of all the search time knowledge, such as CIM mapping.
I'll correct the docs to clarify that installing on indexers is not strictly necessary. Thanks!
We have a Tomcat running and to collect JMX logs is it mandatory to have Heavy forwarder installed.?I know we cannot install JMX add-on for UF. Is there any alternative method other than having HF installed.?and catalina,localhost,and manager logs can be collected through UF right.?correct me if I am wrong