Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can Heavy Forwarder perform remote WMI data collection?

fernandoandre
Communicator
‎05-25-2012 03:38 AM

My question is, can a Heavy Forwarder perform remote WMI data collection or this feature requires an Indexer?

I have read this and other splunk documentation but I can't find an answer for this.

Can anyone help? Thank you.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎05-25-2012 03:54 AM

Yes, it can.

A heavy forwarder is essentially just a regular Splunk installation that has been configured to forward data. WMI data collection functionality is included in all types of Splunk installations, including light and heavy forwarders.

View solution in original post

Reply
Solved! Jump to solution

cignul9
Explorer
‎10-30-2012 08:35 AM

Okay this is good news, it answers my question as well except now I'm left wondering how it works. The remote performance monitoring data input requires that an index be specified. When a heavy forwarder is doing the collecting does this index imply the one at the actual index server or the one on the heavy forwarder? If it's going on the heavy forwarder index AND being forwarded, how do I clear out the local index so it's not building up a big index like the one on my receiver/indexer?

I can rig a forwarder and have the same machine do remote performance monitoring. Is that all there is to it or do I need to configure something else so it's working the way I expect, ie collecting data at the forwarder then sending the data to the indexer for storage?

0 Karma
Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎05-25-2012 03:54 AM

Yes, it can.

A heavy forwarder is essentially just a regular Splunk installation that has been configured to forward data. WMI data collection functionality is included in all types of Splunk installations, including light and heavy forwarders.

Reply
Solved! Jump to solution

fernandoandre
Communicator
‎05-25-2012 03:56 AM

Thank you.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...