Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can i use Splunk enterprises as uinversal forwarder?

ahmemohs03
Explorer
‎07-20-2018 08:38 AM

Can i use Splunk enterprises as uinversal forwarder? if yes please send me documentation

Thanks.

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎07-20-2018 02:23 PM

You can, but you should not. See here:

https://www.splunk.com/blog/2016/12/12/universal-or-heavy-that-is-the-question.html

0 Karma
Reply

PowerPacked
Builder
‎07-20-2018 10:40 AM

Hi @ahmemohs03

Yes, you can use full enterprise version of splunk as a universal forwarder,

This makes you to have the Splunk UI enabled as well on the forwarder,

Please go through these docs.
https://docs.splunk.com/Documentation/Forwarder/7.1.2/Forwarder/Abouttheuniversalforwarder

Thanks

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 10:46 AM

Thanks for the reply.

I had Linux A(Splunk enterprises) Linux B(UF)

Linux B logs need to be forwarder to Linux A (weburl..were splunk enterprises installed http:hostname:8000)

Do i need to installed full enterprise version of splunk as a universal forwarder on Linux B?

0 Karma
Reply

pradeepkumarg
Influencer
‎07-20-2018 10:49 AM

No, you just need a universal forwarder on Linux B

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 10:54 AM

Thanks,

Linux A (splunk enterprises) Linux B(UF) already there.

but Linux A (splunk enterprises) as index server..weburl not comingup after UF installation.

i see ERROR TcpOutputProc - LightWeightForwarder/UniversalForwarder not configured. Please configure outputs.conf in splunkd.logs of index server.

0 Karma
Reply

PowerPacked
Builder
‎07-20-2018 11:28 AM

as mentioned in this other splunk answer, which was asked by you
https://answers.splunk.com/answers/672909/splunk-weburl-not-coming-up-after-configuring-univ.html#an...

Try to enable ssl communication between forwarder and indexer.

You can go through these docs to enable ssl communication between forwarder and indexer.
http://docs.splunk.com/Documentation/Splunk/7.1.2/Security/ConfigureSplunkforwardingtousesignedcerti...
https://answers.splunk.com/answers/397/how-to-configure-ssl-for-forwarding-and-receiving-data.html

Thanks

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 01:29 PM

Thanks you, will try.

0 Karma
Reply

pradeepkumarg
Influencer
‎07-20-2018 10:39 AM

Yes, Splunk enterprise can work as a forwarder except that it becomes a heavy forwarder instead of universal forwarder.

http://docs.splunk.com/Documentation/Splunk/7.1.2/Forwarding/Typesofforwarders

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...