Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can i use Splunk enterprises as uinversal forwarder?

ahmemohs03
Explorer
‎07-20-2018 08:38 AM

Can i use Splunk enterprises as uinversal forwarder? if yes please send me documentation

Thanks.

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎07-20-2018 02:23 PM

You can, but you should not. See here:

https://www.splunk.com/blog/2016/12/12/universal-or-heavy-that-is-the-question.html

0 Karma
Reply

PowerPacked
Builder
‎07-20-2018 10:40 AM

Hi @ahmemohs03

Yes, you can use full enterprise version of splunk as a universal forwarder,

This makes you to have the Splunk UI enabled as well on the forwarder,

Please go through these docs.
https://docs.splunk.com/Documentation/Forwarder/7.1.2/Forwarder/Abouttheuniversalforwarder

Thanks

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 10:46 AM

Thanks for the reply.

I had Linux A(Splunk enterprises) Linux B(UF)

Linux B logs need to be forwarder to Linux A (weburl..were splunk enterprises installed http:hostname:8000)

Do i need to installed full enterprise version of splunk as a universal forwarder on Linux B?

0 Karma
Reply

pradeepkumarg
Influencer
‎07-20-2018 10:49 AM

No, you just need a universal forwarder on Linux B

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 10:54 AM

Thanks,

Linux A (splunk enterprises) Linux B(UF) already there.

but Linux A (splunk enterprises) as index server..weburl not comingup after UF installation.

i see ERROR TcpOutputProc - LightWeightForwarder/UniversalForwarder not configured. Please configure outputs.conf in splunkd.logs of index server.

0 Karma
Reply

PowerPacked
Builder
‎07-20-2018 11:28 AM

as mentioned in this other splunk answer, which was asked by you
https://answers.splunk.com/answers/672909/splunk-weburl-not-coming-up-after-configuring-univ.html#an...

Try to enable ssl communication between forwarder and indexer.

You can go through these docs to enable ssl communication between forwarder and indexer.
http://docs.splunk.com/Documentation/Splunk/7.1.2/Security/ConfigureSplunkforwardingtousesignedcerti...
https://answers.splunk.com/answers/397/how-to-configure-ssl-for-forwarding-and-receiving-data.html

Thanks

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 01:29 PM

Thanks you, will try.

0 Karma
Reply

pradeepkumarg
Influencer
‎07-20-2018 10:39 AM

Yes, Splunk enterprise can work as a forwarder except that it becomes a heavy forwarder instead of universal forwarder.

http://docs.splunk.com/Documentation/Splunk/7.1.2/Forwarding/Typesofforwarders

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...

Index This | How many sevens are there between 1 and 100?

August 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...