Getting Data In

Monitoring Computers connect to a network

thomashigginson
Path Finder

How can I add a data input(s) for remote computers connected to a Network using Splunk? Splunk has access to the network and I want to collect data usage and WinLog Events.

Tags (2)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Install a Splunk Universal Forwarder on each remote computer. Configure the forwarder to send the desired information to your indexer(s).

---
If this reply helps you, Karma would be appreciated.

thomashigginson
Path Finder

Thanks for the doc, but unfortunately, my Splunk's CLI keeps exiting as soon as I open it, so I can't add the forwarder as an input.

0 Karma

Jeff_Lightly_Sp
Communicator

I agree that using a forwarder is usually the best and easiest way. A good documentation read can be found here:
http://docs.splunk.com/Documentation/Splunk/latest/Data/WhatSplunkcanmonitor

0 Karma

richgalloway
SplunkTrust
SplunkTrust

How Splunk reaches out to other computers depends on the computer and how the data is stored. Splunk DB Connect, for example, can extract data from an SQL database. Scripted inputs can be created where the script launches a program that queries other computers for data and indexes it in Splunk. Using a forwarder is usually the easiest way.

---
If this reply helps you, Karma would be appreciated.
0 Karma

thomashigginson
Path Finder

I most likely am going to use forwarders then, but how can Splunk be configured to grab data from other computers? It sounds to be more difficult to set up.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Splunk can only search for and alert on data in its indexes. While it's possible for Splunk to grab data from other computers, the more common approach is for the other computers to send data to Splunk. If the data you need is already indexed then you don't need a forwarder.

---
If this reply helps you, Karma would be appreciated.
0 Karma

thomashigginson
Path Finder

If the main computer with Splunk has access to the Users via the Network, and I'm looking for specific data, can I just use the Add Data and fill out the information to, say, record if a User incorrectly logs in 5 times and send an email alert? Or do I still have to set up the forwarder?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Correct. Fortunately, they'll all be configured the same so all you have to do is set up one and copy the config to the others.

---
If this reply helps you, Karma would be appreciated.
0 Karma

thomashigginson
Path Finder

Each forwarder, then, needs to be configured to handle data on the local system and only send information I specify to the main computer, correct?

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...