Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to configure Splunk Light for receiving data from a Universal Forwarder?

andig2
Engager
‎10-26-2015 04:02 AM

I have Splunk Light on Windows and the Universal Forwarder on Raspberry. According to docs, I need to create a server class for receiving data. The admin UI does not give me an option to do so.

How do I configure SL to receive data from a UF?

0 Karma
Reply

andrewb_splunk
Splunk Employee
Splunk Employee
‎04-11-2016 09:59 AM

For more details on the process that @jterry refers to, see the topics in the Getting Data In chapter of the Splunk Light User Guide. A good starting topic is http://docs.splunk.com/Documentation/SplunkLight/6.4.0/GettingStarted/Aboutaddingdata

Reply

jterry
Splunk Employee
Splunk Employee
‎04-04-2016 04:49 PM

The distinction between a forwarder & a deployment client is blurred in SL. For forwarding all you need to do is open/listen to a port on the server & tell the forwarder to send data there. (splunk add forward-server ...). In the latest release, it's recommended that all forwarders also be deployment clients (splunk set deploy-poll ...). This ties into the server class concept where forwarders (configured as deployment clients) can be managed in groups.

0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...