Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk forwarder

bellaed
Path Finder
‎02-03-2013 10:13 PM

What is splunk forwarder?
When we have to use this?
Does it need a separate license in enterprise environment?

Thank you
Bella

Tags (2)
Reply

ChrisG
Splunk Employee
Splunk Employee
‎02-08-2013 11:49 AM

The universal forwarder and the light forwarder are not the same thing. The full documentation topic that explains the differences between the types of forwarders is Types of forwarders in the Distributed Deployment Manual. The universal forwarder is a separate download; it is a streamlined version of Splunk that only contains the components necessary to forward data to receivers. The heavy and light forwarders are both full Splunk instances. A heavy forwarder can index data locally, but that capability is turned off by default. If you are using the indexing feature of a heavy forwarder, you must have an Enterprise license and the heavy forwarder must be part of your Enterprise license stack. It does not need a separate license. See the Forwarder license topic in the Admin Manual.

Reply

jay007ant
Explorer
‎02-08-2013 10:47 AM

In splunk , we generally use two type Forwarder:

  1. Universal Forwarder (Light Forwarder):
    • Splunk “agent” installed on non-Splunk system to gather data locally, can’t parse or index by design
    • Smallest possible hardware footprint — designed to be installed on production systems
  2. “Heavy” Forwarder:
    • Splunk instance that gathers data, parses it, and forwards it on to an indexer – no data written to disk
    • Generally works as a remote collector, intermediate forwarder, and possible data filter because they parse data, they are not recommended for production systems

About license in enterprise environment : you can get here more details

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-03-2013 10:41 PM

http://docs.splunk.com/Splexicon:Forwarder

No separate license, neither in free nor enterprise.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...