Getting Data In

What is the relationship between Splunk Enterprise and the Universal Forwarder?

New Member

I want to know the two relations between the universal forwarder and Splunk Enterprise.

0 Karma
1 Solution

SplunkTrust
SplunkTrust

Splunk Enterprise is data store for server logs and other machine data. It receives data from various sources, indexes it, stores it, and provides a UI that allows users to search that data and produce reports.

The Universal Forwarder is essentially a Splunk "agent". It resides on monitored servers where it collects data and passes it on (forwards it) to Splunk Enterprise for storage.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

Ultra Champion
0 Karma

SplunkTrust
SplunkTrust

Splunk Enterprise is data store for server logs and other machine data. It receives data from various sources, indexes it, stores it, and provides a UI that allows users to search that data and produce reports.

The Universal Forwarder is essentially a Splunk "agent". It resides on monitored servers where it collects data and passes it on (forwards it) to Splunk Enterprise for storage.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!