I've been using Splunk for several years now. I have forwarders installed on Linux, AIX, and Solaris. Never had an issue.

I recently installed a universal forwarder on my first-ever Windows server. And it forwards its WinEvent/Perfmon data to my Linux-based Indexer without any issue. I haven't installed any additional TAs on the forwarder (yet). It just ran with whatever the Forwarder came with.

Where I'm confused is how I get the App with the UI/Dashboards running on my Linux-based Splunk instance. Reading the documentation, I get the impression it only works on a Windows-based Indexer. I've looked around on these forums and people running their indexer on Linux seem to have similar confusions and mixed results.

I refer to this doc: http://docs.splunk.com/Documentation/WindowsApp/latest/User/HowtodeploytheSplunkAppforWindows

Which says that I only need to install the TA on the Linux indexer. But will that provide me with the UI/Dashboards? From the description, it doesn't sound like it.

There are many posts on here regarding the Windows App, but I can't find a clear answer to this. Will the Splunk App for Windows run on a Linux indexer or not? If not, am I out of luck with getting the Dashboard?

Thank you very much in advance.