All Apps and Add-ons

Where shoulld I install Azure Monitor Add-on For Splunk? (Heavy forwarder/indexer/Search head)?

Koko12345678
Explorer

HI ,

I would like to know where should I install the Azure Monitor Add-on For Splunk? on which of this component? Heavy forwarder, indexer , Search head?

Thanks

0 Karma
1 Solution

adonio
Ultra Champion

Hello there,

ideally on the Heavy Forwarder, if not in the Search Head.
Avoid installing on indexer (unless its all in one)

hope it helps

View solution in original post

0 Karma

adonio
Ultra Champion

Hello there,

ideally on the Heavy Forwarder, if not in the Search Head.
Avoid installing on indexer (unless its all in one)

hope it helps

0 Karma

Koko12345678
Explorer

thanks 🙂
can you please explain why it's Ideally to install it on the HF ? and why to avoid installing it on the Indexer? and what do you mean by "unless its all in one"?

thank you

0 Karma

thambisetty
SplunkTrust
SplunkTrust

Hi,

Better to install on HF.

Because INDEXER IS BUSY IN indexing data.
Search head is busy in searching.

————————————
If this helps, give a like below.
0 Karma

Koko12345678
Explorer

as far as I know HF is busy in parsing the data,then I'm just asking myself why HF is the better place?
in addition, where Should I configure the Inputs( input for Activity Logs/Diagnostics Logs) in splunk? is it in the search head?

0 Karma

thambisetty
SplunkTrust
SplunkTrust

Its fully dependent on your environment.

In my case we have search heads loaded with so many scheduled searches so I could not allocate even 1 cpu for modular/scripted inputs and we have Indexers are busy in responding to searches and indexing data. Thats y I recommend to have modular inputs on HF.

————————————
If this helps, give a like below.
0 Karma

Koko12345678
Explorer

ok thanks 🙂

0 Karma
Get Updates on the Splunk Community!

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...