Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Does splunk apps available on splunkbase work with splunk universal forwarders?

manmah4u
Explorer
‎05-18-2015 11:58 PM

Case:-
Splunk enterprise server version 6.1

Lets say I have around 100 production servers with Universal forwarders installed and I intent to forward the performance logs from these servers to my splunk server. My query is can I install the apps(say splunk app for windows or any other) available on splunkbase on these 100 servers to collect and forward the logs to splunk server?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

tom_frotscher
Builder
‎05-19-2015 12:57 AM

Hi,

the splunk app for windows (now called splunk app for windows infrastructure) or the splunk app for unix contains so called technical addons. You can deploy these on your 100 forwarders, for example with the deployment server, and use them on the forwarders. The rest of the app must be installed on the search heads.

you can also use other apps with the universal forwarders, but most of the time you only need the inputs on the universalforwarder, the rest is done by the indexer or the search head.

Here is a nice overview of where you have to install the components of the splunk app for windows infrastructure:

http://docs.splunk.com/Documentation/MSApp/latest/MSInfra/HowtodeploytheSplunkAppforWindowsInfrastru...

Greetings

Tom

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

tom_frotscher
Builder
‎05-19-2015 12:57 AM

Hi,

the splunk app for windows (now called splunk app for windows infrastructure) or the splunk app for unix contains so called technical addons. You can deploy these on your 100 forwarders, for example with the deployment server, and use them on the forwarders. The rest of the app must be installed on the search heads.

you can also use other apps with the universal forwarders, but most of the time you only need the inputs on the universalforwarder, the rest is done by the indexer or the search head.

Here is a nice overview of where you have to install the components of the splunk app for windows infrastructure:

http://docs.splunk.com/Documentation/MSApp/latest/MSInfra/HowtodeploytheSplunkAppforWindowsInfrastru...

Greetings

Tom

0 Karma
Reply
Solved! Jump to solution

manmah4u
Explorer
‎05-19-2015 04:45 AM

Thanks Tom for the Reply.

So I understand that if I have a distributed splunk installation setup with deployment server, indexers,search head servers and UF on the servers which I intent to monitor, I will have to install add-on apps on Forwarders that gives me readymade Inputs.conf files with the appropriate stanzas of configurations and the complete app on searchhead servers?.

Say for example theres an app for enterprise security on splunkbase and I read on website that It needs splunk enterprise and on top of it this app has to be installed. In case where I have the 100 servers with Universal forwarders I will have to search for an add-on app for enterprise security?

0 Karma
Reply
Solved! Jump to solution

tom_frotscher
Builder
‎05-19-2015 04:53 AM

Hi,

the first part of your comment is right. But there are of course apps, that do not need add ons, it always depends on the app itself and the purpose of the app. There are also apps that only provides new visualizations for dashboards. But over all you are right.

For the second part of your comment:
The Splunk App for Enterprise Security is a quite complex app. But over all it works the same way. There are add ons that you can install on your forwarders. You dont have to search that much for the add ons on the splunk base website. Typically the add ons are shipped with the app itself or they are mentioned in the documentation of the app. For example the add ons for the enterprise security app are listed here:

http://docs.splunk.com/Documentation/ES/latest/Install/InstallTechnologyAdd-ons

Greetings

Tom

0 Karma
Reply
Solved! Jump to solution

manmah4u
Explorer
‎05-19-2015 05:03 AM

Thanks Tom. Your reply was very helpful and it cleared my doubts.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Maximizing the Value of Splunk ES 8.x

Splunk Enterprise Security (ES) continues to be a leader in the Gartner Magic Quadrant, reflecting its pivotal ...