Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can we use the usual Splunk Universal Forwarder to collect and send metrics to Splunk Insights for Infrastructure?

skulk
Explorer
‎05-30-2018 06:56 AM

When you deploy Splunk Insights for Infrastructure you use the specific script to install a forwarder. Can we use Splunk Universal Forwarder to collect and send metrics to Splunk Insights for Infrastructure and to send other logs to a different Splunk Instance at the same time?

0 Karma
Reply

virgaramada
New Member
‎11-26-2018 03:15 AM

The answers are not very clear for me. I believe I have a same case: if I want to combine logs (system logs, and app server logs such as catalina logs, jboss logs, etc) and metrics from both windows and linux servers, And no remote access to the metrics nor logs, thus only possible with forwarder. What is the best platform? Is it Splunk Enterprise or Splunk Insight for Infrastucture? And how to do it? please share some tutorials. Thanks

0 Karma
Reply

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎11-26-2018 09:30 AM

@virgaramada, you may want to start with Splunk Insights for Infrastructure first, as it is designed to simplify the data log and metric data onboarding, correlation, alerting, etc. To find out more, please check out SII's Getting started page.

0 Karma
Reply

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎11-26-2018 09:28 AM

@virgaramada, you may want to start with Splunk Insights for Infrastructure first, as it is designed to simplify the data log and metric data onboarding, correlation, alerting, etc. To find out more, please check out SII's Getting started page.

0 Karma
Reply

ntankersley_spl
Splunk Employee
Splunk Employee
‎08-08-2018 12:53 PM

this depends on the use case. For Windows data, all metrics are collected via perfmon inputs on the UF. These are native inputs to the UF and the payloads are transformed to metrics in the indexing pipeline.

For Linux hosts, the UF is used to send logs to splunk using the S2S protocol. Collectd is the metrics collection agent and send direct to Splunk HEC (HTTP Event Collector) which is the Splunk recommended input for metrics.

Reply

omprakash9998
Path Finder
‎12-12-2018 09:22 AM

How can we use the existing windows universal forwarders and the data coming in to splunk Enterprise and use them in splunk app for infrastructure

0 Karma
Reply

pwu_splunk
Splunk Employee
Splunk Employee
‎05-30-2018 11:17 AM

No, the Splunk Universal Forwarder is not collecting and sending metrics to Splunk Insights for Infrastructure (SII). The component that does so is Collectd which is also installed by the installation script. The Splunk Universal Forwarder is the component sending logs to SII.

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...