I need to collect snapshots of what applications are actively running on remote clients in order to do a trend analysis of HW/SW usage (near-real-time and historical). Is this best done using a default(-ish) config or executing a custom script in order to limit the data collected? Thanks, Todd
You can use the Unix app and a lightweight forwarder / universal forwarder on the remote machines if they are Unix-based, or you can use the Windows app and a lightweight forwarder / universal forwarder for Windows machines. You can set up these forwarders to collect the statistics and send them back to your main Splunk instance. Here's a great blog link discussing this topic:
And here's the documentation on the setup:
thx bbingham
Makes sense, now to learn how to use the forwarder to run a custom script (if it does not collect running apps by default).
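The custom-script option raised in the question, as an added example that is not part of the original thread and not code from the Unix or Windows app: a POSIX shell script that reduces a process listing to one event per user and application, so only the fields needed for usage trending leave the client. The function name `summarize_apps`, the `--run` switch and the `key=value` event layout are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): limit collected data to one
# event per (user, application) pair instead of shipping the full
# process table.

# summarize_apps TIMESTAMP
# Reads "USER PID COMMAND" rows on stdin (the layout printed by
# `ps -A -o user,pid,comm`) and writes sorted key=value events.
summarize_apps() {
    ts="$1"
    awk -v ts="$ts" '
        NR == 1 && $1 == "USER" { next }   # skip the ps header row
        NF >= 3 {
            # Command names may contain spaces: rejoin fields 3..NF.
            cmd = $3
            for (i = 4; i <= NF; i++) cmd = cmd " " $i
            gsub(/"/, "", cmd)             # keep app="..." parseable
            count[$1 "\t" cmd]++
        }
        END {
            for (k in count) {
                split(k, p, "\t")
                printf "%s user=%s app=\"%s\" instances=%d\n", ts, p[1], p[2], count[k]
            }
        }' | sort
}

# Hypothetical switch: snapshot the live process table only when the
# script is invoked with --run, so the function can be tested alone.
if [ "${1:-}" = "--run" ]; then
    ps -A -o user,pid,comm | summarize_apps "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
fi
```

Run on a fixed interval, each invocation with `--run` yields one timestamped snapshot; PIDs are dropped on purpose because they add volume without helping a usage trend.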