Solved: Re: [Protocol Data Inputs] Where to install the ad...

SirHill17 · ‎12-28-2017

Hi,

I would like to use the add-on Protocol Data Inputs but I am unsure where should it be installed (meaning if it must be on every indexer part of a cluster --> master server ?) Or install on a dedicated server like Heavy Forwarder.

Thanks for your help.

Damien_Dallimor · ‎12-28-2017

Install on a Forwarder.

View solution in original post

Damien_Dallimor · ‎12-28-2017

Install on a Forwarder.

SirHill17 · ‎12-28-2017

Thanks for your quick answer.
I have another question following your answer. My aim is to have a centralized component masking data for all my servers (+2000) so if I can avoid deploying the add-on on every single host is better and also not impacting the servers where the forwarders run. Do you think it's possible to install the add-on on a Heavy Forwarder and having the UF sending the data to this HF which will handle the data ?

Damien_Dallimor · ‎12-28-2017

Yes that is possible.
UF -> forward raw TCP -> PDI App's TCP Port running on HF

SirHill17 · ‎12-29-2017

Thanks for your help.

Damien_Dallimor · ‎12-29-2017

My pleasure , shout out if you need any more help with custom handlers etc.. (I wrote the app).

[Protocol Data Inputs] Where to install the add-on ?

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...