I've been using Splunk for several years now. I have forwarders installed on Linux, AIX, and Solaris. Never had an issue.
I recently installed a universal forwarder on my first-ever Windows server. And it forwards its WinEvent/Perfmon data to my Linux-based Indexer without any issue. I haven't installed any additional TAs on the forwarder (yet). It just ran with whatever the Forwarder came with.
Where I'm confused is how I get the App with the UI/Dashboards running on my Linux-based Splunk instance. Reading the documentation, I get the impression it only works on a Windows-based Indexer. I've looked around on these forums and people running their indexer on Linux seem to have similar confusions and mixed results.
I refer to this doc: http://docs.splunk.com/Documentation/WindowsApp/latest/User/HowtodeploytheSplunkAppforWindows
Which says that I only need to install the TA on the Linux indexer. But will that provide me with the UI/Dashboards? From the description, it doesn't sound like it.
There are many posts on here regarding the Windows App, but I can't find a clear answer to this. Will the Splunk App for Windows run on a Linux indexer or not? If not, am I out of luck with getting the Dashboard?
Thank you very much in advance.
"You can also install the Splunk App for Windows on a non-Windows Splunk instance to display Windows data coming from external sources, such as universal forwarders that run the Splunk Technology Add-on (TA) for Windows."
"You can also install the Splunk App for Windows on a non-Windows Splunk instance to display Windows data coming from external sources, such as universal forwarders that run the Splunk Technology Add-on (TA) for Windows."
Somehow I missed that. Thank you! 🙂