Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Installation
- :
- Re: Do every node needs to install Splunk enetrpri...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have installed Splunk UF to each and every node and Splunk to a single node. Do I need to install Splunk enterprise to all the nodes/host having same port number?
If No, then is there any doc which will give a quick demo ??
Many Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi pratibha,
What do you mean by node in this case.? If you have a single-instance setup in that case,you need to install Splunk universal forwarder on host from which data has to be monitored and Splunk Enterprise on your splunk server.
You can refer docs below:
http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchTutorial/InstallSplunk
http://docs.splunk.com/Documentation/Forwarder/7.0.2/Forwarder/Configuretheuniversalforwarder
Hope this helps!!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi pratibha,
What do you mean by node in this case.? If you have a single-instance setup in that case,you need to install Splunk universal forwarder on host from which data has to be monitored and Splunk Enterprise on your splunk server.
You can refer docs below:
http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchTutorial/InstallSplunk
http://docs.splunk.com/Documentation/Forwarder/7.0.2/Forwarder/Configuretheuniversalforwarder
Hope this helps!!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Deepshri for answering this but I am too confused with the following:
Do I monitor the logs of various host IDs with a splunk enterprise installed only on one of the host id and splunk UF on all of them?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes , and you need to add the path in inputs.conf on forwarder to monitor the logs you need to index in splunk.
Also you need to enable outputs.conf on forwarder and enable receiving on indexer.
You also need to create index in indexes.conf on splunk instance.
Refer the link:
http://docs.splunk.com/Documentation/Splunk/7.0.2/Data/Getstartedwithgettingdatain
Let me know if this helps!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is helpful.
Many thanks Deepashri 🙂
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
Keep the Learning Going with the New Best of .conf Hub
