Solved: Difference between Splunk app and splunk add-on an...

gsrikanth87 · ‎01-08-2015

As per my understanding we install Splunk app on serverside, Splunk universal forwarder is client-side, then what is a Splunk add-on?

kml_uvce · ‎01-08-2015

yes , if your definition of client and server side like this
client side is your source of data/system
serverside is your indexer

View solution in original post

kml_uvce · ‎01-08-2015

yes , if your definition of client and server side like this
client side is your source of data/system
serverside is your indexer

gsrikanth87 · ‎01-08-2015

oh, Thank you. Do we have any video link for splunk configuration for unix/linux servers monitoring?

kml_uvce · ‎01-08-2015

universal forwarder : it is used to send data from source to indexer
Splunk app: you need to install in indexer or search head and shows you report, visualization
splunk addon:you need to install splunk add-on in forwarder and addon extract the data from source (example run scripts in unix addon) v and send to indexer via forwarder

gsrikanth87 · ‎01-08-2015

Thank you.. But I want to understand that where we install splunk app and splunk fowarder?

splunk app - server side
splunk universal forwarder- client side with addon

Is this correct?

Difference between Splunk app and splunk add-on and universal forwarder?

add-on

app

universal forwarder

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...