Universal Forwarder and Splunk Technology Add-on f...

aberdamy · ‎10-16-2013

Does anyone know if there are any docs out there that describe the design/architecture of the Universal forwarder and Technology Add-on for Windows? Has anyone had any issues with these forwarders on domain controllers? Does the agent leave anything behind when it is uninstalled?

thanks in advance,

aberdamy

lukejadamec · ‎10-16-2013

Other than the documents for the App and the information this Answers site there are none, you should contact Splunk Support if you're having a specific problem.

I have had issues with these forwarders on Domain Controllers - check points on log files can get 'lost' causing 24+MB/minute of splunkd logs, which can slow down the system. Another problem is that when logging is enabled on the DCs, it can slow down the system.

The agent should uninstall via Windows Control Panel > Uninstall cleanly.

lukejadamec · ‎10-18-2013

When the forward would act up it would slow down the indexer, but that was when it was 32 bit. It does not seem to effect the 64 bit system.
The DC logs will slow down the DC, but if you already have logging enabled the forwarder should not cause a problem.

aberdamy · ‎10-18-2013

Thanks for your reply. When you say "slow down the system" are you referring to the indexer or the domain controller after you installed the forwarder? Logging is already turned on for all of our dc's.

thanks

Universal Forwarder and Splunk Technology Add-on for Windows questions

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!