Getting Data In

How to configure Splunk Light for receiving data from a Universal Forwarder?


I have Splunk Light on Windows and the Universal Forwarder on Raspberry. According to docs, I need to create a server class for receiving data. The admin UI does not give me an option to do so.

How do I configure SL to receive data from a UF?

0 Karma

Splunk Employee
Splunk Employee

For more details on the process that @jterry refers to, see the topics in the Getting Data In chapter of the Splunk Light User Guide. A good starting topic is

Splunk Employee
Splunk Employee

The distinction between a forwarder & a deployment client is blurred in SL. For forwarding all you need to do is open/listen to a port on the server & tell the forwarder to send data there. (splunk add forward-server ...). In the latest release, it's recommended that all forwarders also be deployment clients (splunk set deploy-poll ...). This ties into the server class concept where forwarders (configured as deployment clients) can be managed in groups.

0 Karma
Get Updates on the Splunk Community!

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...