Solved: Re: What is the relationship between Splunk Enterp...

kataoka · ‎06-13-2016

I want to know the two relations between the universal forwarder and Splunk Enterprise.

richgalloway · ‎06-13-2016

Splunk Enterprise is data store for server logs and other machine data. It receives data from various sources, indexes it, stores it, and provides a UI that allows users to search that data and produce reports.

The Universal Forwarder is essentially a Splunk "agent". It resides on monitored servers where it collects data and passes it on (forwards it) to Splunk Enterprise for storage.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

ddrillic · ‎06-14-2016

Similar question at What is the difference between Splunk Enterprise and Universal Forwarder?

richgalloway · ‎06-13-2016

Splunk Enterprise is data store for server logs and other machine data. It receives data from various sources, indexes it, stores it, and provides a UI that allows users to search that data and produce reports.

The Universal Forwarder is essentially a Splunk "agent". It resides on monitored servers where it collects data and passes it on (forwards it) to Splunk Enterprise for storage.

---
If this reply helps you, Karma would be appreciated.

What is the relationship between Splunk Enterprise and the Universal Forwarder?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms