Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can i use Splunk enterprises as uinversal forwarder?

ahmemohs03
Explorer
‎07-20-2018 08:38 AM

Can i use Splunk enterprises as uinversal forwarder? if yes please send me documentation

Thanks.

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎07-20-2018 02:23 PM

You can, but you should not. See here:

https://www.splunk.com/blog/2016/12/12/universal-or-heavy-that-is-the-question.html

0 Karma
Reply

PowerPacked
Builder
‎07-20-2018 10:40 AM

Hi @ahmemohs03

Yes, you can use full enterprise version of splunk as a universal forwarder,

This makes you to have the Splunk UI enabled as well on the forwarder,

Please go through these docs.
https://docs.splunk.com/Documentation/Forwarder/7.1.2/Forwarder/Abouttheuniversalforwarder

Thanks

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 10:46 AM

Thanks for the reply.

I had Linux A(Splunk enterprises) Linux B(UF)

Linux B logs need to be forwarder to Linux A (weburl..were splunk enterprises installed http:hostname:8000)

Do i need to installed full enterprise version of splunk as a universal forwarder on Linux B?

0 Karma
Reply

pradeepkumarg
Influencer
‎07-20-2018 10:49 AM

No, you just need a universal forwarder on Linux B

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 10:54 AM

Thanks,

Linux A (splunk enterprises) Linux B(UF) already there.

but Linux A (splunk enterprises) as index server..weburl not comingup after UF installation.

i see ERROR TcpOutputProc - LightWeightForwarder/UniversalForwarder not configured. Please configure outputs.conf in splunkd.logs of index server.

0 Karma
Reply

PowerPacked
Builder
‎07-20-2018 11:28 AM

as mentioned in this other splunk answer, which was asked by you
https://answers.splunk.com/answers/672909/splunk-weburl-not-coming-up-after-configuring-univ.html#an...

Try to enable ssl communication between forwarder and indexer.

You can go through these docs to enable ssl communication between forwarder and indexer.
http://docs.splunk.com/Documentation/Splunk/7.1.2/Security/ConfigureSplunkforwardingtousesignedcerti...
https://answers.splunk.com/answers/397/how-to-configure-ssl-for-forwarding-and-receiving-data.html

Thanks

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 01:29 PM

Thanks you, will try.

0 Karma
Reply

pradeepkumarg
Influencer
‎07-20-2018 10:39 AM

Yes, Splunk enterprise can work as a forwarder except that it becomes a heavy forwarder instead of universal forwarder.

http://docs.splunk.com/Documentation/Splunk/7.1.2/Forwarding/Typesofforwarders

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...