Solved: Splunk Add-on for Apache Web Server: If I have thi...

deepakc · ‎12-22-2017

I have Splunk 7.1 / RHEL65 / Test enviroment
(New to splunk)

I see you have Splunk Add-on for Apache Web Server, but do you still need a forwarder to forward the apache logs?

Rgds
Dee

mayurr98 · ‎12-23-2017

hey @deepakc

Yes, you will still need forwarder to forward apache logs
as add-on works on the top of universal forwarder.add-on extracts the data from source and forwarder forwards data to the indexer.

difference between forwarder and add-on is as follows:

universal forwarder: it is used to send data from source to indexer
Splunk app: you need to install in indexer or search head and shows you report, visualization
Splunk addon: you need to install Splunk add-on in forwarder and addon extract the data from source (example run scripts in UNIX addon) v and send to indexer via forwarder

Let me know if this helps you!

View solution in original post

mayurr98 · ‎12-23-2017

hey @deepakc

Yes, you will still need forwarder to forward apache logs
as add-on works on the top of universal forwarder.add-on extracts the data from source and forwarder forwards data to the indexer.

difference between forwarder and add-on is as follows:

universal forwarder: it is used to send data from source to indexer
Splunk app: you need to install in indexer or search head and shows you report, visualization
Splunk addon: you need to install Splunk add-on in forwarder and addon extract the data from source (example run scripts in UNIX addon) v and send to indexer via forwarder

Let me know if this helps you!

Splunk Add-on for Apache Web Server: If I have this app do I still need a forwarder to forward Apache logs?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes