I have 3 Ubuntu machines, but I don't know what index, search and heavy forwarder are and how they are related to each other.
Please help me, I am very new to IT Security and I got Splunk as a first project.
Have you installed Splunk Enterprise on the machines?
You simply need to install Splunk Enterprise on 3 Linux machines and configure one to forward and one to be search only.
http://docs.splunk.com/Documentation/Splunk/latest/Installation/Whatsinthismanual
Hi n00badmin
Please, I need your small help here: what needs to be done, configuration-wise, for a machine to work as index, search or heavy forwarder?
sujeet
First you should do some reading. Splunk documentation is some of the best:
http://docs.splunk.com/Documentation/Splunk
A heavy forwarder is a full install of Splunk that forwards data to an indexer.
The indexer indexes the data into indexes searchable from the search head.
START HERE: http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Distributedoverview
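To make the three roles in the answer above concrete, here is the minimal configuration each of the three machines would carry. This is an added example, not part of the original answer or of Splunk's documentation; the hostnames hf01, idx01 and sh01 under example.com, and the paths under $SPLUNK_HOME/etc/system/local, are assumptions for illustration. Port 9997 is the conventional Splunk-to-Splunk receiving port and 8089 is the management port.

```ini
# ---- Machine 1: heavy forwarder (hf01.example.com) ----
# $SPLUNK_HOME/etc/system/local/outputs.conf
# A heavy forwarder is a full Splunk install; this stanza makes it send
# everything it collects to the indexer instead of indexing locally.
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# hostname is an assumption for this example
server = idx01.example.com:9997
# ask the indexer to acknowledge each block so data is not lost if the
# connection drops mid-transfer
useACK = true

# $SPLUNK_HOME/etc/system/local/inputs.conf (same machine)
# Example local data source to forward: the host's own auth log.
[monitor:///var/log/auth.log]
sourcetype = linux_secure
index = main

# ---- Machine 2: indexer (idx01.example.com) ----
# $SPLUNK_HOME/etc/system/local/inputs.conf
# Listen for forwarders on the Splunk-to-Splunk port.
[splunktcp://9997]
disabled = 0

# ---- Machine 3: search head (sh01.example.com) ----
# $SPLUNK_HOME/etc/system/local/distsearch.conf
# The search head holds no data of its own; it runs searches against the
# indexer listed here as a search peer over the management port.
[distributedSearch]
servers = https://idx01.example.com:8089
```

After editing these files, restart Splunk on each machine. The search peer is easier to add from the CLI on the search head with `splunk add search-server https://idx01.example.com:8089 -remoteUsername admin -remotePassword <password>`, because that command also exchanges the trust keys between the search head and the indexer, which editing distsearch.conf by hand does not do. Likewise `splunk enable listen 9997` on the indexer and `splunk add forward-server idx01.example.com:9997` on the heavy forwarder write the inputs.conf and outputs.conf stanzas shown above. Make sure port 9997 on the indexer and 8089 on the indexer are reachable from the forwarder and the search head respectively, and limit them to those hosts in the firewall.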
Please, I need a brief answer.