I want to know where we should install "SolarWinds Add-on Splunk", I mean on the deployment server, search head or indexers? Also, I want to know if this add-on can get logs like when they are sent from a syslog server.
Like most TAs, it should be installed on indexers so index-time properties and transforms can be used. It should also be installed on search heads so search-time properties can be used. Do NOT enable inputs in either instance type.
To use the inputs feature of the app, install it on a heavy forwarder.