All Apps and Add-ons

Spunk Windows TA + Windows Universal Forwarder vs clean Windows Universal forwarder

dreadangel
Path Finder

Hi,

There are any differences between Windows TA + Windows Universal Forwarder and clean Windows Universal forwarder installation?
Could you please specify any?.

Thank you in advamce

0 Karma

dstaulcu
Builder

the uf will ignore props and transforms config files and apply inputs.

0 Karma

koshyk
Super Champion

I'm not exactly sure what you want as answer as they are all completely different things

  1. Windows Universal Forwarder is just the light weight Splunk collection software. This needs to be installed on your windows clients
  2. Windows TA => This is the brain behind field extraction and enrichment of data. This is installed in your Heavy Forwarders, Search Heads and Indexers . Only the "Inputs" section of this TA needs to be installed in the Universal Forwarders. Best practice is to create your own app (eg MY_windows_inputs) and put all the inputs.conf you require
  3. Clean Installation => I guessing it is the actual installation of the Windows Universal Forwader into the client machine. This is the binary install using an Administrator manually or via tools like SCCM/puppet

lakshman239
Influencer

Just a note - If we install the Windows UF on windows without any input config, we should be able to install the Splunk add on for windows on the endpoints (UF) as well and config inputs [ in a separate app or local]. https://docs.splunk.com/Documentation/WindowsAddOn/6.0.0/User/Install

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...