How to configure Splunk Light for receiving data f...

andig2 · ‎10-26-2015

I have Splunk Light on Windows and the Universal Forwarder on Raspberry. According to docs, I need to create a server class for receiving data. The admin UI does not give me an option to do so.

How do I configure SL to receive data from a UF?

andrewb_splunk · ‎04-11-2016

For more details on the process that @jterry refers to, see the topics in the Getting Data In chapter of the Splunk Light User Guide. A good starting topic is http://docs.splunk.com/Documentation/SplunkLight/6.4.0/GettingStarted/Aboutaddingdata

jterry · ‎04-04-2016

The distinction between a forwarder & a deployment client is blurred in SL. For forwarding all you need to do is open/listen to a port on the server & tell the forwarder to send data there. (splunk add forward-server ...). In the latest release, it's recommended that all forwarders also be deployment clients (splunk set deploy-poll ...). This ties into the server class concept where forwarders (configured as deployment clients) can be managed in groups.

How to configure Splunk Light for receiving data from a Universal Forwarder?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation