Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Has Anyone put a Forwarder on a Tablet?

skoelpin
SplunkTrust
SplunkTrust
‎08-10-2016 12:27 PM

Has anyone captured Windows Event Logs from tablets and forwarded it to their indexer?

We're currently trying to solve an issue where the tablet HDD is 500MB and the tablet may lose network connectivity for 12 hours before it's able to get back on the network. This means that the data will be stored locally on the tablet but unable to forward to the indexer.. There's a possibility that the log data will roll before it's able to get network connectivity again which means the data will never make it to the indexer.

I know that the UF can queue up to 500kb, but we expect that more than 500kb of data will be collected when there's no network connection. So my question, has anyone had a similar situation like this? How did you solve it?

We're debating setting up a storage hub to act as a buffer between the tablet and the indexer but this isn't ideal..

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎08-10-2016 02:46 PM

First, you can increase the size of the UF queues. Second, have you considered using Splunk Mint? It is designed for mobile apps...

http://www.splunk.com/en_us/products/splunk-mint.html

View solution in original post

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎08-10-2016 02:46 PM

First, you can increase the size of the UF queues. Second, have you considered using Splunk Mint? It is designed for mobile apps...

http://www.splunk.com/en_us/products/splunk-mint.html

Reply
Solved! Jump to solution

skoelpin
SplunkTrust
SplunkTrust
‎08-10-2016 03:39 PM

That was my first thought, but if I doubled the size of the queue then I'd most likely consume more than twice the amount of memory right? Slowing the tablets down is not an option unfortunately

I was thinking about suggesting they create a hub and send the data via bluetooth from the tablets to the hub when network connectivity drops and this hub be hardwired into a network drop for a persistent internet connection. What's your thoughts on this?

I did overlook Splunk Mint, thanks for the suggestion!!!

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...