Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Why do we install apps on a Heavy forwarder throug...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi everyone,
I am confused about deployment server function. can anyone elaborate it in simple words,
secondly why we need to install apps on heavy forwarders.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
heavy forwarder is intermediate component between universal and indexer components. its eliminate the garbage data and its do index routing, masking the data and sourcetype routing before going to indexer. for this purpose we have to use props.conf and transforms.conf files.
in transforms.conf we have to set the rules and in props.conf what is rule and to whom to apply.
,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The deployment server is used to deploy configuration files (like inputs.conf or props and transforms...) / TA's / Apps to end points that have a universal forwarder on them. It allows you to push config changes to all your end points without having to do it manually one by one.
There are some apps that require the python libraries that come with a HF. This is why some apps may require the use of a Heavy Forwarder.
Types of forwarders: http://docs.splunk.com/Documentation/Splunk/7.2.0/Forwarding/Typesofforwarders
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
heavy forwarder is intermediate component between universal and indexer components. its eliminate the garbage data and its do index routing, masking the data and sourcetype routing before going to indexer. for this purpose we have to use props.conf and transforms.conf files.
in transforms.conf we have to set the rules and in props.conf what is rule and to whom to apply.
,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Magnificent centralized configuration mechanism ; -)
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Index This | What travels the world but is also stuck in place?
Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data
Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...
