Knowledge Management

Splunk Cloud - Universal Forwarder and DBConnect questions

sdintino_splunk
Splunk Employee
Splunk Employee

One of the main questions we have right now is - where are the Universal Forwarders installed? We had talked about having them on each client and having a deployment server to control pushing configs out to those clients. Correct?

We were discussing this and wondering:
• How does the traffic going out to the Splunk Cloud, get throttled?
• How does the Deployment Server interact with each client?
• Is there an agent?

The second thing is DBConnect. In our “Manage apps”, I see a message saying we need to request this app be installed. How does the DB connect app on Splunk Cloud, talk to our SQL servers? Will it do this through the deployment server?

In one way we were wondering if it might be easier to have everything route though the heavy forwarder than to try and get the ports open on every server.

Also, do we need to purchase licenses to install Splunk Enterprise on the Heavy Forwarder and Deployment Server if we go that way?

Thanks!!

Tags (1)
1 Solution

ansif
Motivator
  • Splunk forwarders are light weight agents installed on all endpoint machines(where ever possible) to pull data and sent to Splunk cloud.
  • Both deployment server and forwarder has Splunk daemon process which interacts each other (default 8089 port but can be changed)
  • An universal forwarder, a small footprint agent.
  • Splunk has mainly 2 package,one is universal forwarder and other is Splunk enterprises.You need to built a system with Splunk enterprise and install DB connect app there.The DB connect app from this instance will directly interact with your DB instance to pull data and send it over Splunk cloud.You can use Deployment server to install DB connect app since deployment server uses Splunk enterprise installation.
  • You can configure a single splunk server to collect all your data and send it to Cloud.Keep it in mind it is really depend on how much data you are transferring through a single server.
  • Splunk license requires only when you index data locally.But I thinnk you require dummy licenses for other instances.Better contact sales persons.

NB:- Regarding Splunk cloud prerequisites and cost,please reach out to sales persons.They will answer all your queries and suggest you better splunk deployment in you environment.Accept this answer if you find helpful.

View solution in original post

ansif
Motivator
  • Splunk forwarders are light weight agents installed on all endpoint machines(where ever possible) to pull data and sent to Splunk cloud.
  • Both deployment server and forwarder has Splunk daemon process which interacts each other (default 8089 port but can be changed)
  • An universal forwarder, a small footprint agent.
  • Splunk has mainly 2 package,one is universal forwarder and other is Splunk enterprises.You need to built a system with Splunk enterprise and install DB connect app there.The DB connect app from this instance will directly interact with your DB instance to pull data and send it over Splunk cloud.You can use Deployment server to install DB connect app since deployment server uses Splunk enterprise installation.
  • You can configure a single splunk server to collect all your data and send it to Cloud.Keep it in mind it is really depend on how much data you are transferring through a single server.
  • Splunk license requires only when you index data locally.But I thinnk you require dummy licenses for other instances.Better contact sales persons.

NB:- Regarding Splunk cloud prerequisites and cost,please reach out to sales persons.They will answer all your queries and suggest you better splunk deployment in you environment.Accept this answer if you find helpful.

Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...