As per my understanding we install Splunk app on serverside, Splunk universal forwarder is client-side, then what is a Splunk add-on?
yes , if your definition of client and server side like this
client side is your source of data/system
serverside is your indexer
yes , if your definition of client and server side like this
client side is your source of data/system
serverside is your indexer
oh, Thank you. Do we have any video link for splunk configuration for unix/linux servers monitoring?
universal forwarder : it is used to send data from source to indexer
Splunk app: you need to install in indexer or search head and shows you report, visualization
splunk addon:you need to install splunk add-on in forwarder and addon extract the data from source (example run scripts in unix addon) v and send to indexer via forwarder
Thank you.. But I want to understand that where we install splunk app and splunk fowarder?
splunk app - server side
splunk universal forwarder- client side with addon
Is this correct?