Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Forwarder configuration to forward os data

mkashif
Explorer
‎06-03-2011 12:49 AM

Hello,

How can I install and configure a forwarder at my windows machine to transfer OS data (cpu load, memory etc) to my splunk indexer (running at a solaris machine).

I want windows machine data to be displayed in my NIX app at my indexer.

Guide me about what configurations would i have to make for this. Also about would i need a universal forwarder for this or a light forwarder?

Regards,

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mw
Splunk Employee
Splunk Employee
‎06-05-2011 09:05 AM

You'll have to configure your indexer to receive data. Install the Windows Universal Forwarder and set it to forward to the indexer (you should be prompted to do this during the install, but here's the doc: http://www.splunk.com/base/Documentation/4.2.1/Deploy/Configureforwarderswithoutputs.confd ). During the install you can also enable Perfmon inputs, but I believe there's a bug right now in the installer where the Perfmon inputs won't actually be created, so I think you'll have to do it by hand -- http://www.splunk.com/base/Documentation/latest/Admin/Perfmonconf .

However, the Windows data won't show in the nix app. You'll want to install the Windows app on the search head.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

mkashif
Explorer
‎06-05-2011 11:54 PM

Thank you for your answer dear,

I have installed the forwarder at windows machine and my perfmon data is being shown in my indexer when i perform a search by ip address.

The problem i am getting was that the data is not being shown in nix app which u have answered that windows data is not supported in nix app.

I have deployed another forwarder at a Solaris machine but its data is also not being shown in NIX. As I understand it might be the problem in configuration.

What I did is just installed the universal forwarder at machine and have configured the port in its output.conf file. The data of this machine is also being shown when i perform a search by ip however the host is not being listed under host list in NIX app. Do i have to make any further configurations in it ?

Regards,

0 Karma
Reply
Solved! Jump to solution

mw
Splunk Employee
Splunk Employee
‎06-06-2011 05:06 AM

Did you configure any inputs on the Solaris machine? If not, you can deploy the full Unix app to the Solaris machine, and enabling the inputs. (i.e. copy the desired stanza headers from default/inputs.conf to local/inputs.conf and setting disabled = false)

0 Karma
Reply
Solved! Jump to solution
Solution

mw
Splunk Employee
Splunk Employee
‎06-05-2011 09:05 AM

You'll have to configure your indexer to receive data. Install the Windows Universal Forwarder and set it to forward to the indexer (you should be prompted to do this during the install, but here's the doc: http://www.splunk.com/base/Documentation/4.2.1/Deploy/Configureforwarderswithoutputs.confd ). During the install you can also enable Perfmon inputs, but I believe there's a bug right now in the installer where the Perfmon inputs won't actually be created, so I think you'll have to do it by hand -- http://www.splunk.com/base/Documentation/latest/Admin/Perfmonconf .

However, the Windows data won't show in the nix app. You'll want to install the Windows app on the search head.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...