All Apps and Add-ons

Microsoft Windows TA Add-on: How to segregate desktops from universal forwarders currently on servers?

Hudond
Path Finder

Good Afternoon

We are looking at a pilot project to use Splunk to help manage our desktop inventory using the Microsoft_windows_TA add-on and a universal forwarder installed on the desktops.

The only information we will be extracting at this time is the Windows host information: System Name, OS, IP address, and logged-on user.

We are wondering how we can set up the universal forwarders on the desktops so that when they phone home to the deployment server, and we access the forwarder management page under settings (Settings>forwarder Management), we can segregate the desktops from the universal forwarders currently on the servers, if this is possible that is?

Just wondering if there was an easy way to do this so there are not pages and pages of desktops and servers phoning home making it hard to separate the two when accessing the forwarder management page.

We are a small shop therefore no clustering.
Any guidance would be appreciated.

Thank you

Labels (1)
0 Karma
1 Solution

adonio
Ultra Champion

Use a different serverclass for your desktops ...
https://docs.splunk.com/Documentation/Splunk/8.0.3/Updating/Useforwardermanagement
then you can query through | rest or other
there are other ways as well, for example, rename your TA for desktops, as it seems you really need a single piece of data ... deploy thi app using the new separate serverclass only to desktop and find the app in the _internal data

hope it helps

View solution in original post

0 Karma

adonio
Ultra Champion

Use a different serverclass for your desktops ...
https://docs.splunk.com/Documentation/Splunk/8.0.3/Updating/Useforwardermanagement
then you can query through | rest or other
there are other ways as well, for example, rename your TA for desktops, as it seems you really need a single piece of data ... deploy thi app using the new separate serverclass only to desktop and find the app in the _internal data

hope it helps

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...