Solved: Why do we install apps on a Heavy forwarder throug...

riqbal · ‎06-24-2018

Hi everyone,

I am confused about deployment server function. can anyone elaborate it in simple words,
secondly why we need to install apps on heavy forwarders.

ritureddy · ‎06-24-2018

heavy forwarder is intermediate component between universal and indexer components. its eliminate the garbage data and its do index routing, masking the data and sourcetype routing before going to indexer. for this purpose we have to use props.conf and transforms.conf files.

in transforms.conf we have to set the rules and in props.conf what is rule and to whom to apply.

,

View solution in original post

sc31656us · ‎11-01-2018

The deployment server is used to deploy configuration files (like inputs.conf or props and transforms...) / TA's / Apps to end points that have a universal forwarder on them. It allows you to push config changes to all your end points without having to do it manually one by one.

There are some apps that require the python libraries that come with a HF. This is why some apps may require the use of a Heavy Forwarder.

Types of forwarders: http://docs.splunk.com/Documentation/Splunk/7.2.0/Forwarding/Typesofforwarders

ritureddy · ‎06-24-2018

heavy forwarder is intermediate component between universal and indexer components. its eliminate the garbage data and its do index routing, masking the data and sourcetype routing before going to indexer. for this purpose we have to use props.conf and transforms.conf files.

in transforms.conf we have to set the rules and in props.conf what is rule and to whom to apply.

,

ddrillic · ‎06-24-2018

Magnificent centralized configuration mechanism ; -)

Why do we install apps on a Heavy forwarder through a deployment server?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life