Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What is the difference between Splunk Enterprise and Universal Forwarder?

bjyoti
Engager
‎07-28-2014 03:39 AM

Hi All,

I am a newbie to splunk. I have gone through a number of video tutorials on the net.
Hi All,

I would like to know what is the difference between splunk enterprise and splunk universal forwarder.

what is the difference between the functionalities ? What is the recommended splunk?

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

strive
Influencer
‎07-28-2014 04:14 AM

Read these

http://www.splunk.com/view/SP-CAAAE8W
http://docs.splunk.com/Documentation/Splunk/6.1.2/Admin/TypesofSplunklicenses

The splunk universal forwarder has the license enabled/applied automatically; no additional steps are required post-installation.
With Splunk universal forwarder you can only forward data, parsing and indexing is not possible.

View solution in original post

Reply
Solved! Jump to solution

neelamssantosh
Contributor
‎07-30-2014 05:21 AM

Perfect question cocoon..

As per my knowledge, initially it was designed in perl for sys admin(UNIX guys)2005, later using python UI was developed in 2008 and now they using JSON for better UI and results.

With Enterprise, you can search for logs using splunk CherryPy web browser UI where one can search the logs ,customize the Dashboards are Configuration,etc.where you can Enjoy the beauty of Splunk.

with Forwarder, we can collect the logs and send to respective Search Head or Indexer to index the data.It doesn't have any UI as of now.

ALL THE BEST

0 Karma
Reply
Solved! Jump to solution
Solution

strive
Influencer
‎07-28-2014 04:14 AM

Read these

http://www.splunk.com/view/SP-CAAAE8W
http://docs.splunk.com/Documentation/Splunk/6.1.2/Admin/TypesofSplunklicenses

The splunk universal forwarder has the license enabled/applied automatically; no additional steps are required post-installation.
With Splunk universal forwarder you can only forward data, parsing and indexing is not possible.

Reply
Solved! Jump to solution

bjyoti
Engager
‎07-28-2014 09:42 PM

Thanks Jeff 🙂

0 Karma
Reply
Solved! Jump to solution

Jeff_Lightly_Sp
Communicator
‎07-28-2014 05:53 AM

In simple, broad terms, install Enterprise on the server that will retain and index the data and do your searches from there. Install the universal forwarder on any server you wish to forward data to the Enterprise server previously mentioned. The docs that Strive mentioned will help too.

Reply
Solved! Jump to solution

bjyoti
Engager
‎07-28-2014 05:08 AM

What use case they support?In what case the splunk enterprise and universal forwarder should be used ?

0 Karma
Reply
Solved! Jump to solution

bjyoti
Engager
‎07-28-2014 04:37 AM

what should I install ??

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...