Getting Data In

What are index, search and heavy forwarder, and how are they related to each other? Please, I need help

sujeet11dec
New Member

I have 3 Ubuntu machines, but I don't know what index, search and heavy forwarder are and how they are related to each other.

Please help me. I am very new to IT security and I got Splunk as a first project.

0 Karma

n00badmin
Communicator

Have you installed Splunk Enterprise on the machines?

0 Karma

n00badmin
Communicator

You simply need to install Splunk Enterprise on 3 Linux machines and configure one to forward and one to be a search only.

http://docs.splunk.com/Documentation/Splunk/latest/Installation/Whatsinthismanual

0 Karma

sujeet11dec
New Member

Hi n00badmin

Please, I need a little help from you here: what is needed for a machine to work as index, search or heavy forwarder, configuration-wise?

sujeet

0 Karma

n00badmin
Communicator

First you should do some reading. Splunk documentation is some of the best.

http://docs.splunk.com/Documentation/Splunk

A heavy forwarder is a full install of Splunk that forwards data to an indexer.

The indexer indexes the data into indexes searchable from the search head.

START HERE : http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Distributedoverview

0 Karma
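The relationship described in the reply above, shown as the configuration each of the three machines would carry. This is an added example, not part of the original thread; the IP addresses, the output group name `primary_indexers` and the use of `etc/system/local` are assumptions, while 9997 and 8089 are the conventional receiving and management ports.

```ini
# Constructed addresses (192.0.2.0/24 documentation range), assumed layout:
#   192.0.2.10 = heavy forwarder, 192.0.2.20 = indexer, 192.0.2.30 = search head

# --- Heavy forwarder: $SPLUNK_HOME/etc/system/local/outputs.conf ---
# Sends everything this instance collects to the indexer.
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = 192.0.2.20:9997

# --- Indexer: $SPLUNK_HOME/etc/system/local/inputs.conf ---
# Listens for data from forwarders and writes it into its indexes.
[splunktcp://9997]
disabled = 0

# --- Search head: $SPLUNK_HOME/etc/system/local/distsearch.conf ---
# Lists the indexer as a search peer, addressed on its management port.
# Adding the peer through Splunk Web or the CLI also exchanges the trust
# keys; with a hand-edited stanza the keys have to be copied manually.
[distributedSearch]
servers = https://192.0.2.20:8089
```

Each instance needs a restart after its file is edited. Data then flows forwarder to indexer, and searches run on the search head are dispatched to the indexer.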

sujeet11dec
New Member

Please, I need a brief answer.

0 Karma