Can we use the usual Splunk Universal Forwarder to collect and send metrics to Splunk Insights for Infrastructure?

skulk
Explorer

When you deploy Splunk Insights for Infrastructure you use the specific script to install a forwarder. Can we use Splunk Universal Forwarder to collect and send metrics to Splunk Insights for Infrastructure and to send other logs to a different Splunk Instance at the same time?

0 Karma

virgaramada
New Member

The answers are not very clear to me. I believe I have the same case: I want to combine logs (system logs, and app server logs such as catalina logs, jboss logs, etc.) and metrics from both Windows and Linux servers, and there is no remote access to the metrics or logs, so it is only possible with a forwarder. What is the best platform? Is it Splunk Enterprise or Splunk Insights for Infrastructure? And how to do it? Please share some tutorials. Thanks

0 Karma

vshcherbakov_sp
Splunk Employee

@virgaramada, you may want to start with Splunk Insights for Infrastructure first, as it is designed to simplify log and metric data onboarding, correlation, alerting, etc. To find out more, please check out SII's Getting started page.

0 Karma

ntankersley_spl
Splunk Employee

This depends on the use case. For Windows data, all metrics are collected via perfmon inputs on the UF. These are native inputs to the UF and the payloads are transformed to metrics in the indexing pipeline.

For Linux hosts, the UF is used to send logs to Splunk using the S2S protocol. Collectd is the metrics collection agent and sends directly to Splunk HEC (HTTP Event Collector), which is the Splunk-recommended input for metrics.

omprakash9998
Path Finder

How can we use the existing Windows universal forwarders and the data coming in to Splunk Enterprise and use them in Splunk App for Infrastructure?

0 Karma

pwu_splunk
Splunk Employee

No, the Splunk Universal Forwarder is not collecting and sending metrics to Splunk Insights for Infrastructure (SII). The component that does so is Collectd, which is also installed by the installation script. The Splunk Universal Forwarder is the component sending logs to SII.
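
For the Windows case described in the thread, where perfmon inputs run on the Universal Forwarder itself, one way to split the destinations the original question asks about is per-input routing with `_TCP_ROUTING`. This is an added example, not configuration posted by anyone in the thread. The group names, hostnames and port are placeholders, and the index and sourcetype SII expects for perfmon data are not given in the thread, so they are left out.

```ini
# ---- outputs.conf on the Windows Universal Forwarder ----
# Hostnames and port below are placeholders (assumptions), not values from the thread.

[tcpout]
# Any input without an explicit _TCP_ROUTING (including the forwarder's
# own internal logs) goes to this group.
defaultGroup = enterprise_group

[tcpout:enterprise_group]
# The separate Splunk instance that should receive ordinary logs.
server = idx.example.internal:9997

[tcpout:sii_group]
# The Splunk Insights for Infrastructure instance.
server = sii.example.internal:9997

# ---- inputs.conf on the same forwarder ----

# Perfmon data is routed only to the SII group; per the thread, the payload
# is turned into metrics in the indexing pipeline on the receiving side.
[perfmon://CPU]
object = Processor
counters = % Processor Time
instances = _Total
interval = 60
disabled = 0
_TCP_ROUTING = sii_group

# Event logs follow the default group, stated explicitly here so the split
# is visible when the file is reviewed.
[WinEventLog://Security]
disabled = 0
_TCP_ROUTING = enterprise_group
```

Running `splunk btool outputs list --debug` and `splunk btool inputs list --debug` on the forwarder shows the merged configuration, which confirms that no other app overrides the routing.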
