Solved: Re: [Protocol Data Inputs] Where to install the ad...

SirHill17 · ‎12-28-2017

Hi,

I would like to use the add-on Protocol Data Inputs but I am unsure where should it be installed (meaning if it must be on every indexer part of a cluster --> master server ?) Or install on a dedicated server like Heavy Forwarder.

Thanks for your help.

Damien_Dallimor · ‎12-28-2017

Install on a Forwarder.

View solution in original post

Damien_Dallimor · ‎12-28-2017

Install on a Forwarder.

SirHill17 · ‎12-28-2017

Thanks for your quick answer.
I have another question following your answer. My aim is to have a centralized component masking data for all my servers (+2000) so if I can avoid deploying the add-on on every single host is better and also not impacting the servers where the forwarders run. Do you think it's possible to install the add-on on a Heavy Forwarder and having the UF sending the data to this HF which will handle the data ?

Damien_Dallimor · ‎12-28-2017

Yes that is possible.
UF -> forward raw TCP -> PDI App's TCP Port running on HF

SirHill17 · ‎12-29-2017

Thanks for your help.

Damien_Dallimor · ‎12-29-2017

My pleasure , shout out if you need any more help with custom handlers etc.. (I wrote the app).

[Protocol Data Inputs] Where to install the add-on ?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation