Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can we use the usual Splunk Universal Forwarder to collect and send metrics to Splunk Insights for Infrastructure?

skulk
Explorer
‎05-30-2018 06:56 AM

When you deploy Splunk Insights for Infrastructure you use the specific script to install a forwarder. Can we use Splunk Universal Forwarder to collect and send metrics to Splunk Insights for Infrastructure and to send other logs to a different Splunk Instance at the same time?

0 Karma
Reply

virgaramada
New Member
‎11-26-2018 03:15 AM

The answers are not very clear for me. I believe I have a same case: if I want to combine logs (system logs, and app server logs such as catalina logs, jboss logs, etc) and metrics from both windows and linux servers, And no remote access to the metrics nor logs, thus only possible with forwarder. What is the best platform? Is it Splunk Enterprise or Splunk Insight for Infrastucture? And how to do it? please share some tutorials. Thanks

0 Karma
Reply

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎11-26-2018 09:30 AM

@virgaramada, you may want to start with Splunk Insights for Infrastructure first, as it is designed to simplify the data log and metric data onboarding, correlation, alerting, etc. To find out more, please check out SII's Getting started page.

0 Karma
Reply

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎11-26-2018 09:28 AM

@virgaramada, you may want to start with Splunk Insights for Infrastructure first, as it is designed to simplify the data log and metric data onboarding, correlation, alerting, etc. To find out more, please check out SII's Getting started page.

0 Karma
Reply

ntankersley_spl
Splunk Employee
Splunk Employee
‎08-08-2018 12:53 PM

this depends on the use case. For Windows data, all metrics are collected via perfmon inputs on the UF. These are native inputs to the UF and the payloads are transformed to metrics in the indexing pipeline.

For Linux hosts, the UF is used to send logs to splunk using the S2S protocol. Collectd is the metrics collection agent and send direct to Splunk HEC (HTTP Event Collector) which is the Splunk recommended input for metrics.

Reply

omprakash9998
Path Finder
‎12-12-2018 09:22 AM

How can we use the existing windows universal forwarders and the data coming in to splunk Enterprise and use them in splunk app for infrastructure

0 Karma
Reply

pwu_splunk
Splunk Employee
Splunk Employee
‎05-30-2018 11:17 AM

No, the Splunk Universal Forwarder is not collecting and sending metrics to Splunk Insights for Infrastructure (SII). The component that does so is Collectd which is also installed by the installation script. The Splunk Universal Forwarder is the component sending logs to SII.

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...