Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can i use Splunk enterprises as uinversal forwarder?

ahmemohs03
Explorer
‎07-20-2018 08:38 AM

Can i use Splunk enterprises as uinversal forwarder? if yes please send me documentation

Thanks.

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎07-20-2018 02:23 PM

You can, but you should not. See here:

https://www.splunk.com/blog/2016/12/12/universal-or-heavy-that-is-the-question.html

0 Karma
Reply

PowerPacked
Builder
‎07-20-2018 10:40 AM

Hi @ahmemohs03

Yes, you can use full enterprise version of splunk as a universal forwarder,

This makes you to have the Splunk UI enabled as well on the forwarder,

Please go through these docs.
https://docs.splunk.com/Documentation/Forwarder/7.1.2/Forwarder/Abouttheuniversalforwarder

Thanks

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 10:46 AM

Thanks for the reply.

I had Linux A(Splunk enterprises) Linux B(UF)

Linux B logs need to be forwarder to Linux A (weburl..were splunk enterprises installed http:hostname:8000)

Do i need to installed full enterprise version of splunk as a universal forwarder on Linux B?

0 Karma
Reply

pradeepkumarg
Influencer
‎07-20-2018 10:49 AM

No, you just need a universal forwarder on Linux B

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 10:54 AM

Thanks,

Linux A (splunk enterprises) Linux B(UF) already there.

but Linux A (splunk enterprises) as index server..weburl not comingup after UF installation.

i see ERROR TcpOutputProc - LightWeightForwarder/UniversalForwarder not configured. Please configure outputs.conf in splunkd.logs of index server.

0 Karma
Reply

PowerPacked
Builder
‎07-20-2018 11:28 AM

as mentioned in this other splunk answer, which was asked by you
https://answers.splunk.com/answers/672909/splunk-weburl-not-coming-up-after-configuring-univ.html#an...

Try to enable ssl communication between forwarder and indexer.

You can go through these docs to enable ssl communication between forwarder and indexer.
http://docs.splunk.com/Documentation/Splunk/7.1.2/Security/ConfigureSplunkforwardingtousesignedcerti...
https://answers.splunk.com/answers/397/how-to-configure-ssl-for-forwarding-and-receiving-data.html

Thanks

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 01:29 PM

Thanks you, will try.

0 Karma
Reply

pradeepkumarg
Influencer
‎07-20-2018 10:39 AM

Yes, Splunk enterprise can work as a forwarder except that it becomes a heavy forwarder instead of universal forwarder.

http://docs.splunk.com/Documentation/Splunk/7.1.2/Forwarding/Typesofforwarders

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...