I have to install a Splunk server and a universal forwarder (as a syslog server). To the UF, I send data from the firewall, switches and access points.
I use the native log forwarding methods from the devices to send the data to the UF.
Now I have to create some dashboards, including when a device is reachable, down, critical... (ping?)
Or also the bandwidth from the firewall...
For these, I want to use the Splunk Add-on for Unix and Linux on the UF, and then the app on the server.
Is it possible to send the data from the device to the UF (with Add-on installed) without installing a UF on the firewall or switches?
Or is there maybe a preferable way to deploy it, with another app or something?
Thanks for your help!